(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(19) World Intellectual Property Organization
International Bureau

(43) International Publication Date: 20 February 2003 (20.02.2003)

(10) International Publication Number: WO 03/014955 A1

(51) International Patent Classification: G06F 15/16

(21) International Application Number: PCT/US02/25030

(22) International Filing Date: 7 August 2002 (07.08.2002)

(72) Inventors: FLOWERS, John, M., Jr.; 5046 Bust Head Road, Broad Run, VA 20137 (US).
FLOWERS, Cynthia, L.; 5046 Bust Head Road, Broad Run, VA 20137 (US).
KYAW, Thu, Rein; 1442 Park Garden Lane, Reston, VA 20194 (US).



(25) Filing Language: English

(26) Publication Language: English

(30) Priority Data:
60/310,825    9 August 2001 (09.08.2001)      US
60/310,826    9 August 2001 (09.08.2001)      US
60/310,830    9 August 2001 (09.08.2001)      US
60/315,986    31 August 2001 (31.08.2001)     US
60/316,008    31 August 2001 (31.08.2001)     US
60/316,039    31 August 2001 (31.08.2001)     US
60/338,640    11 December 2001 (11.12.2001)   US
60/353,204    4 February 2002 (04.02.2002)    US



(71) Applicant: GIGAMEDIA ACCESS CORPORATION [US/US]; Suite 302, 607 Herndon Parkway, Herndon, VA
20170 (US).

(74) Agents: GEORGE, Keith, E. et al.; McDermott, Will & Emery, 600 13th Street N.W., Washington,
DC 20005-3096 (US).

(81) Designated States (national): AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN,
CO, CR, CU, CZ, DE, DK, DM, DZ, EC, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP,
KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, OM, PH,
PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TN, TR, TT, TZ, UA, UG, UZ, VN, YU, ZA, ZM, ZW.

(84) Designated States (regional): ARIPO patent (GH, GM, KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZM,
ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, BG, CH, CY,
CZ, DE, DK, EE, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE, SK, TR), OAPI patent (BF, BJ, CF,
CG, CI, CM, GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG).

(54) Title: HYBRID SYSTEM ARCHITECTURE FOR SECURE PEER-TO-PEER-COMMUNICATION

[Figure: block diagram. Legible labels: Server 1, Peer Switch Server, Database; PC1 with Microsoft
Outlook, Peer Switch Outlook and Peer Switch Client; PC2 with Lotus Notes, Peer Switch Notes and
Peer Switch Client; PC3 with Application X, Peer Switch X and Peer Switch Client; PC or PDA 4 with
Peer Switch PDA.]

(57) Abstract: The disclosed hybrid architecture provides secure peer-to-peer communication between
devices such as computers (21), wireless devices, personal digital assistants (PDAs) (27), web
enabled phones or the like. This architecture includes a server or Peer Switch (11), which acts as
an intermediary to facilitate the session and provide authentication to ensure system security. In
some cases it may also provide the capability necessary to traverse firewalls and deal with proxies
and other obstacles to peer-to-peer communications. The hybrid architecture allows centralized
administration and policy management of authentication, obstacle transversal and security methods,
to ensure the overall system integrity required by business systems. Typical peer user devices
implement peer client programming, for signaling communication with the server and for peer-to-peer
communications with other peer devices. A web server (17) may also provide access via standard
browsers (29), for users having devices lacking the peer client software.

Published:

— with international search report

— before the expiration of the time limit for amending the claims and to be republished in the
event of receipt of amendments

For two-letter codes and other abbreviations, refer to the "Guidance Notes on Codes and
Abbreviations" appearing at the beginning of each regular issue of the PCT Gazette.



61782-022

HYBRID SYSTEM ARCHITECTURE FOR SECURE
PEER-TO-PEER-COMMUNICATION

Cross-Reference to Related Applications 

[0001] This application claims the benefit of U.S. Provisional Application No. 60/310,825 entitled
"PeerBook Architecture" filed on August 9, 2001, the disclosure of which is entirely incorporated
herein by reference.

[0002] This application claims the benefit of U.S. Provisional Application No. 60/310,826 entitled
"Peer-to-Peer Shared Access to Microsoft Outlook Information" filed on August 9, 2001, the
disclosure of which is entirely incorporated herein by reference.

[0003] This application also claims the benefit of U.S. Provisional Application No. 60/310,830
entitled "PeerMail Architecture" filed on August 9, 2001, the disclosure of which is entirely
incorporated herein by reference.

[0004] This application also claims the benefit of U.S. Provisional Application No. 60/315,986
entitled "Protocol for Communicating Between a PeerBook Client Process and a PeerSwitch Server
Process" filed on August 31, 2001, the disclosure of which is entirely incorporated herein by
reference.

[0005] This application also claims the benefit of U.S. Provisional Application No. 60/316,008
entitled "Protocol for Communicating Between a PeerBook Client Processes" filed on August 31, 2001,
the disclosure of which is entirely incorporated herein by reference.

[0006] This application also claims the benefit of U.S. Provisional Application No. 60/316,039
entitled "Process by which One Computer Facilitates or Brokers the Creation of a TCP/IP Connection
Between Two Other Computers" filed on August 31, 2001, the disclosure of which is entirely
incorporated herein by reference.

[0007] This application also claims the benefit of U.S. Provisional Application No. 60/338,640
entitled "Process for Establishing a Virtual TCP/IP Connection" filed on December 11, 2001, the
disclosure of which is entirely incorporated herein by reference.

[0008] This application also claims the benefit of U.S. Provisional Application No. 60/353,204
entitled "Process for Establishing a Virtual TCP/IP Connection Using a PeerProxy" filed on
February 4, 2002, the disclosure of which is entirely incorporated herein by reference.




Field of Invention 

[0009] The present subject matter relates to techniques, software and equipment for enhancing a
variety of peer-to-peer communications services, as may be conducted via diverse end-user devices.

Background 

[0010] The development and recent widespread acceptance of the public Internet has revolutionized
the way people communicate. Technically, the Internet is a large constellation of interconnected
networks, which enable digital communications between linked computers that may be located
virtually anywhere on the planet. One common use of the Internet relates to accessing publicly
available or "posted" information on Internet web sites. An individual creates and publishes a Web
page and any linked multimedia content by storing the information on a web server and publishing
the URL (Universal Resource Locator) needed to link to and access the material on the web server.
From a user's perspective, once the web site is posted and available, the Internet serves as a
presentation tool that allows others to find, access and review the information on the page and
the linked content.

[0011] Another common use of the Internet relates to electronic mail or "e-mail." For this type of
communication, a user composes an electronic message using commonly available electronic mail
software. By specifying one or more Internet e-mail addresses of the intended recipient(s), the
user simply activates the programmed terminal to transmit the message through the network. The
message is then routed through the Internet, via one or more e-mail servers, until notice of the
message arrives at the destination computing device. The intended recipient activates her terminal
to retrieve and review the message and any attached documents.

[0012] The common forms of Internet usage, such as the web access and e-mail communication, have
become virtually ubiquitous tools of modern business life, and they are becoming increasingly
common in modern households in many countries. In one form or another, these common forms of
communication typically rely on a "client-server" approach. The end user operates a computer or
other terminal that runs a client application, such as an e-mail program or web browser, that
enables the user's device to communicate through the Internet with another computer running a
corresponding server application. At the minimum, with such an approach, to exchange information
from one end user to another requires that the first user upload information to the server and the
second end user to obtain the information from the server.

[0013] The Internet also provides a means for establishing a communication link between two remote
computers for "peer-to-peer" or one-to-one communication between devices. Such peer-to-peer
sessions allow two computer users to conduct a conversation (e.g. instant messaging, voice
telephony over the Internet or video conferencing), exchange files, or participate in real-time
gaming, without ongoing uploading and downloading via a server. For live interactivity,
establishing a peer-to-peer communication session through the Internet, however, may be difficult,
and a number of common security systems and the like can further complicate or completely inhibit
such peer-to-peer communications.

[0014] In the past, a user desiring a peer-to-peer session needed to schedule in advance a time
when both users would connect to the Internet. At the appointed time, the first user would connect
to the Internet to publish her dynamically assigned Internet Protocol (IP) address using an address
location service. The second user would then connect and use the same address location service to
look up the network address of the first user. Alternatively, after connecting to the Internet the
first user may manually look up their temporary network address and communicate it to the second
user. Assuming both users are simultaneously connected, the two remote users could then establish a
peer-to-peer connection. Comparable to trying to meet someone at an airport, this process is
complicated, frustrating and unpredictable.

[0015] The peer-to-peer model also has been used to provide distributed content-sharing or
file-sharing, for exchanging data among large numbers of users. In peer-to-peer sharing networks,
each computer or node can operate as a hub, having both client and server functionality. To
implement such sharing each node has a list of addresses, typically IP addresses, of other nodes or
peers in the group. These nodes can directly communicate with each other without a central or
intermediate server. As shown by this discussion, however, all of the nodes that participate must
know of the addresses of the other nodes.

[0016] Modern society also is becoming increasingly mobile, particularly among the "professional"
ranks. Mobile workers require access to the same data resources they have in their home office as
well as communications with their clients and coworkers. Hence, for mobile professionals and
increasingly for private individuals, there is an increasing need for a more flexible and
sophisticated data access. Many new communications services have emerged, to allow people to
communicate freely as they roam, without the need for a fixed network connection. These newer
services adequately address issues relating to many typical client server type communications;
however, mobility further complicates problems relating to peer-to-peer sessions. For example, the
added dynamics of the addressing to and from mobile terminals further complicates establishment of
the peer-to-peer relationship.

[0017] Modern mobility also gives rise to situations where a professional or other person needs to
remotely access and/or control the person's PC or other computer in their office or place of
residence. Certain of the systems for such remote access often require a remote computer to
communicate with the host computer or home-network via a telephone line and modem. To enable such
remote access, both the host computer and the remote computer must have matching remote control
application software, such as PC Anywhere® or Laplink®. Alternatively, establishment of a remote
access session through the Internet requires a peer-to-peer session via the Internet. If the user
prefers the Internet peer-to-peer approach (instead of a direct dial-up modem link), the remote
access attempt runs into all the above discussed problems with establishing a peer-to-peer
connection.

[0018] As noted above, a number of common security systems and the like can further complicate or
completely inhibit peer-to-peer communications. For example, some firewalls and/or proxy servers
block certain types of message exchanges commonly used to establish peer-to-peer sessions, for
example, because one of the necessary addresses is blocked or unknown to the firewall. Hence, if
one of the peers is behind the firewall or proxy server, the normal session set-up techniques are
ineffective.

[0019] Clearly, there is a need for better techniques for peer-to-peer communications between
disparate types of terminals, many of which may at least at times be mobile. In any effort to
address such a general need, there are a number of goals to strive toward. One such goal is to
facilitate effective and easy collaboration between people working on computers or other user
devices through the sharing of files, email, and other information. The architecture and
methodology should facilitate easy session establishment, yet provide security. The peer-to-peer
communications also should allow a person to access the files, emails, and other information on his
or her normal computing device, or control that device from a remote location from a number of
different kinds of devices, such as PDAs, web enabled mobile telephones, and remote PCs. The
peer-to-peer communications should achieve these goals in communications across a variety of
network obstacles (e.g. firewalls, proxy servers, NAT, and slow wireless connections) that
otherwise make the peer-to-peer communications difficult, if not impossible, to accomplish with
existing technology. Another goal is to allow the peer-to-peer communications to be extensible
through the use of software development kits (SDKs) or application programming interfaces (APIs) to
support access to third-party applications.

Summary

[0020] The inventive concepts meet one or more of the above noted needs and address one or more of
the problems with services relating to peer-to-peer communications. Concepts disclosed herein
relate to methods, software and systems for enabling session set-up and conducting peer-to-peer
communications. The concepts support a variety of peer-to-peer communications, such as information
sharing, remote control, conferencing, instant messaging, and the like. Also, the embodiments of
the peer-to-peer communications techniques facilitate such service applications among a wide range
of common peer user devices, which in turn may access the data network in a variety of different
ways. The disclosed embodiments provide useful tools for managing peer-to-peer communications and
shared information as well as techniques for establishing peer-to-peer communication sessions
across common obstacles, such as firewalls and/or proxy servers.

[0021] A disclosed system embodiment provides peer-to-peer communication services via a data
network, such as the Internet. The system comprises peer devices and a peer server. A peer device
has a user interface and a network interface, for enabling communications over the data network.
The peer server is coupled for data communication via the data network. The peer server provides
session establishment services for the peer devices. Typically, a peer device has a programmable
controller and program storage, which contains a peer client program. The peer client program
enables the peer device to conduct signaling communications with the peer server and to conduct a
peer-to-peer communication in a session with another one of the peer devices.

[0022] In disclosed embodiments, the system also includes a web server for providing a web page
interface for a browser implemented by one of the peer devices, which lacks the peer client
program. The web server also provides a proxy peer client program for use by that peer device. The
proxy peer client program and the web page interface enable signaling communications with the
server as well as a peer-to-peer communication via the web server with another one of the peer
devices via the data network, for example, analogous to communications by a device having its own
internally stored peer client program.

[0023] As noted, the peer-to-peer communications include a wide array of different types of
communications that users may desire to exchange between their peer devices. Examples of such
communications include: file sharing, folder sharing, e-mail message transfer, instant messaging,
remote control, voice conversation, and video conferencing. The system enables users to access the
various peer services from different types of computing devices. Disclosed examples include:
personal computers (desktops and/or laptops), personal digital assistants and wireless mobile
telephone devices.

[0024] In the disclosed embodiments, the peer server maintains a database of users and information
as to which peer devices are on-line at a given time. The signaling communications include
signaling to the peer devices of on-line status of other peer devices. Implementations of the
service involve identifying users (and their peer devices) as members of respective communities,
and defining sub-groups of community members as separate teams, for example, for sharing of files
and folders.

[0025] Disclosed embodiments of the peer client program comprise a peer service manager routine
and a peer service user interface program. The peer service manager routine manages accessing of
local information on the user device, for example, for sharing via the peer-to-peer communications.
The manager also handles network connections, for the signaling communications and for the
peer-to-peer communications. The peer service user interface program acts as a front-end for the
peer service manager routine. In PC embodiments of the peer client program, the peer service user
interface program implements an application program interface, for interaction with another program
in the user device having a user interface functionality. Typically, the other application program
is a personal information manager (PIM), such as Microsoft Outlook.

[0026] Embodiments of the web server comprise a user interface program supporting browser
interaction via the data network, typically in the form of a web page server program. The web
server also runs a web implementation of the peer client program, including a peer service manager
routine. The disclosed browser access via the web server supports common types of personal computer
browsers, personal digital assistant browsers and wireless application protocol browsers.

[0027] Hence, a disclosed hybrid architecture for a Peer Switch System provides secure peer-to-peer
communication between diverse end user devices, such as computers (desktop, handheld and laptop),
wireless devices like Personal Digital Assistants (PDAs) or web enabled phones, or other devices.
Generally, "Peer-to-Peer" systems are pure systems where one device communicates directly with
another device or peer. The inventive design includes a server or Peer Switch, which acts as an
intermediary to facilitate the connection and provide authentication to ensure system security. In
some cases it may also provide the capability necessary to traverse firewalls and deal with
proxies, Network Address Translation (NAT) and other obstacles to communications. This architecture
allows centralized administration and policy management of authentication, firewall transversal and
other security methods to ensure the overall system integrity required by business systems.

[0028] The inventive peer-to-peer service concepts encompass methods and systems for implementing
the disclosed service features, for example, including specific server implementations and specific
user device implementations. Other examples include method embodiments for brokering connections
between peers wherein one or both of the peers reside behind a firewall or behind a proxy server.

[0029] For example, one disclosed method enables establishment of a desired connection for a
peer-to-peer communication session through a network, between an originating peer device and an
intended destination peer device, where at least the intended destination peer device is behind a
firewall. The originating peer device communicates a request for a desired connection with the
intended destination peer device, to a broker device. This first request provides the broker device
with session related data assigned by the originating peer device, such as the port number that
device intends to use for the session. The broker sends a request to establish the connection, to
the intended destination peer device. This second request forwards the session related data
assigned by the originating peer device, to the intended destination peer device. In response, the
intended destination peer device sends an acceptance to the broker device. The acceptance includes
session related data assigned by the intended destination peer device, such as the port number that
will be used by that device. The broker sends an acknowledgment, to the originating peer device.
This acknowledgment provides the session related data assigned by the intended destination peer
device.

[0030] The two peer devices both attempt to initiate a direct peer-to-peer session. However, any
firewalls that may be in front of such devices will typically block session set-up messages that do
not originate from devices behind the firewalls. In the disclosed methodology, the originating peer
device sends an initial session packet of the desired connection with the intended destination peer
device through the data network. Normally, the packet would go toward the destination device, but
the associated firewall would block the packet. In the embodiment, however, this transmission is
adapted so that the packet is received by the broker device. In a similar manner, the intended
destination peer device also sends an initial session packet through the data network, in such a
manner that it is received by the broker device. The broker device formulates and forwards
acknowledgements of the initial session packets to the respective devices, after which, the
originating peer device and the intended destination peer device conduct peer-to-peer
communications through the network, via the established session link.
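
The four signaling messages of paragraph [0029], as an added example that is not code from the application. The message names, the session identifier, the peer names and port numbers, and the broker's checks (both peers must be logged in; an acceptance must match a pending request and come from its intended destination) are assumptions made for illustration; the packet-level step of paragraph [0030] is not modelled.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Peer:
    name: str
    port: int                                   # port this device assigns to the session
    remote: Optional[Tuple[str, int]] = None    # (peer name, port) learned via the broker

    def on_connect(self, broker: "Broker", sid: str, origin: str, origin_port: int) -> None:
        """Message 2 arrives: keep the originator's data, reply with an acceptance."""
        self.remote = (origin, origin_port)
        broker.accept(self.name, sid, self.port)            # message 3

    def on_ack(self, dest: str, dest_port: int) -> None:
        """Message 4 arrives: the originator learns the destination's port."""
        self.remote = (dest, dest_port)


class Broker:
    def __init__(self) -> None:
        self.online: Dict[str, Peer] = {}                   # authenticated, on-line peers
        self.pending: Dict[str, Tuple[str, str]] = {}       # session id -> (origin, dest)
        self.log: List[Tuple[str, str, str]] = []           # (message, sender, receiver)

    def login(self, peer: Peer) -> None:
        self.online[peer.name] = peer

    def request(self, origin: str, dest: str, origin_port: int) -> bool:
        """Message 1 (originator -> broker), then message 2 (broker -> destination)."""
        if origin not in self.online or dest not in self.online:
            return False                                    # unknown or off-line peer
        sid = secrets.token_hex(8)                          # assumed session identifier
        self.pending[sid] = (origin, dest)
        self.log.append(("REQUEST", origin, "broker"))
        self.log.append(("CONNECT", "broker", dest))
        self.online[dest].on_connect(self, sid, origin, origin_port)
        return sid not in self.pending                      # True once accepted and acked

    def accept(self, sender: str, sid: str, dest_port: int) -> bool:
        """Message 3 (destination -> broker), then message 4 (broker -> originator)."""
        entry = self.pending.get(sid)
        if entry is None or entry[1] != sender:
            return False                                    # unsolicited or misdirected
        origin, dest = self.pending.pop(sid)
        self.log.append(("ACCEPT", sender, "broker"))
        self.log.append(("ACK", "broker", origin))
        self.online[origin].on_ack(dest, dest_port)
        return True


def run_exchange():
    """Constructed scenario: alice (originator) asks the broker for a session with bob."""
    broker = Broker()
    alice, bob = Peer("alice", 40011), Peer("bob", 40022)
    broker.login(alice)
    broker.login(bob)
    ok = broker.request("alice", "bob", alice.port)
    forged = broker.accept("bob", "not-a-pending-session", bob.port)
    offline = broker.request("alice", "carol", alice.port)  # carol never logged in
    return broker, alice, bob, ok, forged, offline


if __name__ == "__main__":
    broker, alice, bob, ok, forged, offline = run_exchange()
    for entry in broker.log:
        print(entry)
    print("alice knows", alice.remote, "| bob knows", bob.remote)
```
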

[0031] Another inventive method establishes a desired connection for a peer-to-peer communication
session through a network between an originating peer device and an intended destination peer
device, where the devices reside behind proxy servers. In the disclosed embodiment, the originating
peer device sends a request for a connection to a broker server. The broker server generates two
random values and supplies those numbers to a peer proxy. In the disclosed embodiment, the peer
proxy may be a function of the peer server or of another server on the network. Those skilled in
the art will recognize that the peer proxy functionality may reside in any device or node
accessible via the network. The broker provides one of the random values to each of the originating
peer devices.

[0032] Typically, peer proxy servers will not allow establishment of session connections in
response to incoming requests. The proxy servers enable establishment of only outgoing connections.
The originating peer device initiates a first connection, across a first proxy server, to the peer
proxy. To the first proxy server, this would look like a normal outgoing connection. As part of the
related signaling, the originating peer device sends the first random number to the peer proxy. The
intended destination peer device similarly initiates a second connection to the peer proxy and
sends the second random value to the peer proxy. To the second proxy server, this also would look
like a normal outgoing connection. In response to receipt of the random values from the two peer
devices, the peer proxy enables communications between the first and second connections, for
example, by logically coupling the two connections together.

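
The pairing step of paragraphs [0031] and [0032], modelled in memory as an added example that is not code from the application. The class and function names, the 16-byte value length, the 30-second lifetime and the single-use rule are assumptions; they show the checks a peer proxy needs so that only the two brokered connections end up coupled.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(eq=False)
class Conn:
    """Stand-in for one outgoing connection that has reached the peer proxy."""
    name: str
    inbox: List[bytes] = field(default_factory=list)    # bytes delivered to this peer
    partner: Optional["Conn"] = None                    # set when the proxy couples it

    def send(self, data: bytes) -> bool:
        if self.partner is None:                        # nothing flows before coupling
            return False
        self.partner.inbox.append(data)
        return True


@dataclass(eq=False)
class Pending:
    values: Tuple[bytes, bytes]                         # the broker's two random values
    expires: float
    conns: List[Optional[Conn]] = field(default_factory=lambda: [None, None])


class PeerProxy:
    def __init__(self, ttl: float = 30.0, clock=time.monotonic) -> None:
        self.ttl, self.clock = ttl, clock
        self._pending: List[Pending] = []

    def expect(self, value_a: bytes, value_b: bytes) -> None:
        """Called by the broker: register the pair of values to be matched."""
        self._pending.append(Pending((value_a, value_b), self.clock() + self.ttl))

    def attach(self, conn: Conn, presented: bytes) -> str:
        """A peer connected outbound and presented a value; couple when both arrived."""
        now = self.clock()
        self._pending = [p for p in self._pending if p.expires > now]   # drop stale pairs
        for p in self._pending:
            for i, value in enumerate(p.values):
                if not hmac.compare_digest(value, presented):           # constant-time
                    continue
                if p.conns[i] is not None:
                    return "rejected"                   # value already presented once
                p.conns[i] = conn
                if None in p.conns:
                    return "waiting"                    # other side not connected yet
                a, b = p.conns
                a.partner, b.partner = b, a             # logically couple the two
                self._pending = [q for q in self._pending if q is not p]  # single use
                return "coupled"
        return "rejected"                               # unknown or expired value


def broker_issue_pair(proxy: PeerProxy, nbytes: int = 16) -> Tuple[bytes, bytes]:
    """Broker side: generate two unguessable values and supply them to the proxy."""
    value_a, value_b = secrets.token_bytes(nbytes), secrets.token_bytes(nbytes)
    proxy.expect(value_a, value_b)
    return value_a, value_b


def demo() -> dict:
    """Constructed scenario with a controllable clock."""
    now = [1000.0]
    proxy = PeerProxy(ttl=30.0, clock=lambda: now[0])
    val_a, val_b = broker_issue_pair(proxy)
    origin, dest, stranger = Conn("origin"), Conn("dest"), Conn("stranger")
    out = {"guess": proxy.attach(stranger, secrets.token_bytes(16)),
           "first": proxy.attach(origin, val_a),
           "early_send": origin.send(b"too early"),
           "replay": proxy.attach(stranger, val_a),
           "second": proxy.attach(dest, val_b)}
    origin.send(b"ping")
    dest.send(b"pong")
    out["dest_inbox"], out["origin_inbox"] = dest.inbox, origin.inbox
    out["reuse"] = proxy.attach(stranger, val_b)        # pair was consumed on coupling
    val_c, _ = broker_issue_pair(proxy)
    now[0] += 31.0                                      # let the second pair expire
    out["late"] = proxy.attach(Conn("late"), val_c)
    out["stranger_inbox"] = stranger.inbox
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
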
[0033] Additional inventive concepts relate to software or program products, for example,
implementing the peer client functionality. A software or program product includes information,
which may be carried by at least one machine-readable medium. The information carried by the medium
may be executable code, one or more databases and/or information regarding shared files or the
like. In disclosed embodiments of program products intended for user devices, the information
comprises executable code for causing one or more programmable devices to implement the peer
manager and the peer user interface.

[0034] A computer or machine readable medium, as used herein, may be any physical element or
carrier wave, which can bear instructions or code for performing a sequence of steps in a
machine-readable form or associated data. Examples of physical forms of such media include floppy
disks, flexible disks, hard disks, magnetic tape, any other magnetic medium, a CD-ROM, any other
optical medium, a RAM, a ROM, a PROM, an EPROM, a FLASH-EPROM, any other memory chip or cartridge,
as well as media bearing the software in a scannable format. A carrier wave type of medium is any
type of signal that may carry digital information representative of the data or the instructions or
code for performing a sequence of steps. Such a carrier wave may be received via a wireline or
fiber-optic network, via a modem, or as a radio-frequency or infrared signal, or any other type of
signal which a computer or the like may receive and decode.

[0035] Additional objects, advantages and novel features of the embodiments will be set forth in
part in the description which follows, and in part will become apparent to those skilled in the art
upon examination of the following and the accompanying drawings or may be learned by production or
operation of the embodiments. The objects and advantages of the inventive concepts may be realized
and attained by means of the methodologies, instrumentalities and combinations particularly pointed
out in the appended claims.

Brief Description of the Drawings

[0036] The drawing figures depict preferred embodiments by way of example, not by way of
limitations. In the figures, like reference numerals refer to the same or similar elements.

[0037] Fig. 1 is a simplified block diagram of devices enabling and conducting peer-to-peer
communications in accord with an embodiment referred to herein as a Peer Switch embodiment.

[0038] Fig. 2 is a functional block diagram of networks and hardware systems that may be involved
in implementation of the peer-to-peer communications of Fig. 1.

[0039] Fig. 3 is a simplified block diagram of a general purpose computer, for example, usable as
one of the users' personal computers in Fig. 2.

[0040] Fig. 4 is a simplified block diagram of a general purpose computer, for example, usable as
one of the servers in Fig. 2.

[0041] Fig. 5 is a simplified block diagram of a wireless mobile telephone device, usable in the
system of Fig. 2.

[0042] Fig. 6 is a simplified block diagram of a portable hand-held computing device, such as a
personal digital assistant (PDA) with wireless communications capabilities, usable in the system of
Fig. 2.

[0043] Fig. 7 is a simplified block diagram of Peer Switch client software, as may be used in the
embodiment of Fig. 1.

[0044] Fig. 8 illustrates an exemplary user interface screen, useful in an embodiment such as that
of Fig. 1.

[0045] Fig. 9 is a simplified block diagram of exemplary Peer Switch web server software, as may be
used in the embodiment of Fig. 1.

[0046] Figs. 10A and 10B illustrate two browser display screens, as might appear on a PDA, when
accessing the Peer Switch web server in the embodiment of Fig. 1.

[0047] Fig. 11 is a block and signaling link diagram useful in explaining certain procedures for
conducting peer-to-peer sessions between Peer Switch clients in the embodiment of Fig. 1, e.g.
where one or more of the peers are behind a firewall.

[0048] Fig. 12 is a block and signaling link diagram useful in explaining a process of establishing
a peer-to-peer session via a peer proxy, to insure session establishment where the two peers are
behind proxy servers.

[0049] Fig. 13 is a simplified functional block diagram illustrating the elements involved and the
communications conducted, in a PeerMail embodiment.

[0050] Fig. 14 is a simplified functional block diagram illustrating the software architecture
utilized in the PeerMail embodiment of Fig. 13.

Detailed Description 

[0051] The various embodiments disclosed herein relate to systems, techniques and/or software
products for implementing different peer-to-peer communications and associated services. In the
embodiments, a server provides addressing and signaling services to assist in establishing
peer-to-peer sessions. The server authenticates all users and may perform other security related
functions, such as providing digital certificates to peer devices so as to facilitate mutual
authentication. A user may log-in from two or more computers that are on-line at the same time, for
example, to allow a mobile user to control his home or office PC from a mobile computing device.
Most user devices will run a peer service client application. The application may be specifically
adapted as a standalone program to run on the particular device, e.g. on a particular brand of PDA.
In most cases, the peer service application runs within an otherwise standard/existing personal
information manager (PIM) program resident on the user's PC or the like. However, for access from
devices without such a peer service client, the same or a second server provides a web interface.
The web server provides standard web browser interactivity to the user but runs a peer service
client application to allow access to the peer-to-peer communication services. To a peer device,
the combination of the device with the browser and the web server appears to be a peer device.

[0052] In the embodiments, the peer-to-peer services provide communications to other persons (or
their devices) within established groups, referred to as communities. Smaller groups (teams),
within a community, share information. The embodiments support a variety of peer-to-peer
communications between users, including file sharing, instant messaging, remote control and the
like.

[0053] Reference now is made in detail to the presently preferred embodiments, 
examples of which are illustrated in the accompanying drawings and discussed below. As noted, 
the peer-to-peer service involves communications between a variety of end user devices, where 
the users are members of communities and teams; and appropriate application servers facilitate 
the peer-to-peer services. For discussion purposes, Fig. 1 illustrates an implementation of a 
hybrid "Peer Switch" architecture that enables peer-to-peer communications between diverse 
data communications devices across network boundaries, and in some cases, across boundaries 
such as firewalls. The architecture is "hybrid" in that it utilizes client-server communications for 
some functions (e.g., signaling for session set-up and for web access) and uses peer-to-peer 
communications for most communications between end users and/or between peer devices. 

[0054] The illustrated Peer Switch embodiment 10 consists of three principal 
components, the Peer Switch functionality 11 implemented in server 1 (13), the Peer Switch 
client implemented in various client devices, and the Peer Switch web server 15. As shown, the 
system utilizes two servers: server 1 (13) performs the Peer Switch functions 11, whereas server 
2 (17) performs the peer web server functions 15. Those skilled in the art will recognize that one 
physical server computer might perform both of these functions (11 and 15), or the 
functions/servers could be replicated at various nodes throughout the data network. 

[0055] The Peer Switch functionality (11) is responsible for authenticating users into a 
Peer Switch community, and for several administrative activities including presence mapping. 
For these operations, the server 13 typically maintains an associated database 19. 

[0056] The Peer Switch client, or peer, resides on the user's PC, PDA or other data 
device. The example in Fig. 1 includes five peers. The first three peers 21, 23 and 25 are PCs. 
PCs 21, 23 and 25 run Peer Switch client applications 31, 33 and 35, as well as other 
applications. As shown in this example, the client device 27 may be a PC or a PDA, and in this 
example, the device 27 runs a Peer Switch client 37 adapted for PDA operation. In each 
case, the Peer Switch client 31, 33, 35 or 37 carries out the majority of functions between itself 
and other peers or between itself and the server 11. 

[0057] The fifth exemplary client device 29 also may be a PC or a PDA, but for purposes 
of this discussion, it is assumed that the device 29 runs only a web browser application. The 
Peer Switch Web functionality 15 provides access to the Peer Switch community, remotely 
through a web server, for example via the browser application 39 in the client device 29. To that 
end, the web server 15 implements a web interface 41 to the browser as well as a Peer Switch 
client 43, such that the server 17 effectively becomes a client-proxy for the device 29 that lacks 
its own client application. 

[0058] The Peer Switch embodiment 10 utilizes a number of different types of logical 
communication connections, as depicted in Fig. 1. For convenience of discussion, the different 
connections are marked with a letter code. The C connections extend between peers and the Peer 
Switch 11. Information communicated through such a connection includes user authentication, 
presence mapping, and peer-to-peer connection requests. The P connections are true peer-to- 
peer links that extend between peer devices. Information communicated through such a 
connection includes email and file transfer, instant message sessions, and folder listings. H type 
connections extend between Web browsers on PCs or PDAs and the Peer Switch Web. 

[0059] The drawings show peer connections P, for the device 29, extending between the 
web server 17 and several other peer devices 21, 23 and 25. For convenience, peer connections 
that may be established between devices such as 21, 23, 25 and 27 are omitted. 

[0060] The Peer Switch functionality 11 dynamically maintains a database 19 of users, 
teams, and shares within a community. The "shares" for purposes of this discussion are files and 
folders that the peers make available for sharing with the other members of their team(s), as 
established through the Peer Switch service. The Peer Switch 11 also authenticates users into the 
community and into respective teams established by community members. The peer users 
modify the information available for sharing, and the members of the various communities and 
teams change over time; and as a result, the Peer Switch functionality 11 must keep its records in 
database 19 current. 

[0061] As needed, the Peer Switch functionality 11 generates digital certificates on the 
fly, for example, when two clients want to connect with each other so they can authenticate one 
another. The server 13 also notifies users when shares and other users become available or 
unavailable. Several of these functions may involve a presence mapping of the users and their 
peer devices, by the Peer Switch server 11. The server 13 also stores and delivers notes sent 
between users within the community. Another function of the Peer Switch functionality 11 is to 
facilitate connections between peers, for example, when firewalls, proxies and NAT systems 
exist in the network between the peers. 

[0062] Members of the same community can directly communicate with each other via 
peer-to-peer sessions established using the Peer Switch services, for example, for instant 
messaging. Within a community, users can be sub-grouped into teams for sharing information 
stored on peer devices. Normally, a community consists of employees (and/or their remote 
controlled computers) from one company. However, a community or team is not limited to that 
scenario. In a business context, for example, business partners or key subcontractors or the like 
may be added to the working community or team. 

[0063] Any computing device, which has the Peer Switch client software or is set-up for 
peer access using a browser and the web server, becomes a "peer" device of the community that 
was defined during the community's registration process. The database maintains record(s) 
identifying the users/users' devices and the association(s) thereof with the various established 
communities and teams. A computing device may be a member of more than one community. 
Any files or folders that are accessible from a peer member of a community are eligible for 
sharing with community teams. Team members access the shared information ("shares") via a 
peer device using the Peer Switch client software or via a remote device 29 having a browser 39 
and using the Peer Switch web server 17. 

[0064] The intent is for the generic Peer Switch client application to provide the same 
functionality, regardless of the particular device or software environment in which the 
application runs. For example, Fig. 1 shows the three PCs 21, 23 and 25 running different 
applications for work sharing, typically various types of PIMs. In the example the first personal 
computer (PC 1) 21 runs Microsoft Outlook application 32, the second personal computer (PC 2) 
23 runs Lotus Notes application 34, whereas the third personal computer (PC 3) 25 runs some 
other PIM program referred to as "Application X" 36. However, the Peer Switch clients 31, 33 
and 35 are all the same application (as substantially is the client 43). 

[0065] To provide appropriate inter-working between the generic Peer Switch client 
programs 31, 33 and 35 and the different user's PIM programs 32, 34 and 36 running on the PCs 
21, 23 and 25, each PC runs an interface program corresponding to the particular user 
communication program 32, 34 or 36. Typically, each such interface program or routine 
implements an application programming interface (API), which provides a logical interface 
between the particular personal information managers (PIM) or other user software and the 
generic Peer Switch client program. 

[0066] For example, in the first personal computer (PC 1) 21, the Peer Switch "Outlook" 
interface program 42 provides the necessary two-way program calls and responses to allow 
Microsoft Outlook 32 to interact with and communicate through the generic Peer Switch client 
application shown at 31. Similarly, in the second personal computer (PC 2) 23 the Peer Switch 
"Lotus Notes" interface program 44 provides the necessary two-way program calls and responses 
to allow Lotus Notes 34 to interact with and communicate through the generic Peer Switch client 
application shown at 33. The Peer Switch interface for program X 46 provides the necessary 
two-way program calls and responses to allow the particular Application X 36 to interact with 
and communicate through the generic Peer Switch client application shown at 35, in the third 
personal computer (PC 3) 25. 

[0067] As shown and discussed, the embodiment (Fig. 1) uses a common personal 
information manager or PIM, e.g. Microsoft Outlook, as a user interface (UI) application. For 
example, users already familiar with Outlook do not need to learn a new UI to use the peer 
system 10. However, the system is designed to allow it to be incorporated into other personal 
information managers (PIMs) and applications thereby making it easier to learn and use. For 
example, the illustrated system architecture of the Peer Switch embodiment 10 is designed to 
allow other interfaces such as Lotus Notes or other user interfaces. 

[0068] As shown, the server 17 also runs a version of the generic Peer Switch client 43. 
The program 41, however, provides the appropriate interface to the web server functionality 15 
and the ability to provide multiple instances of the program 41 for use by a number of users 
accessing the Peer Switch communities via the web server 15 and their standard PC web 
browsers 39. The version 43 of the Peer Switch client differs from the other client programs in 
that it may be operated substantially simultaneously for a relatively large number of users, having 
browser ready devices 29 that may not include their own client programming. 

[0069] Several other useful features of the disclosed Peer Switch embodiment (Fig. 1) 
should also be noted at this time, although more details are provided later. For example, security 
is implemented on every network connection made by the system. Digital certificates are used 
for authentication, strong encryption is used to secure peer-to-peer sessions, and SSL is used to 
secure Web sessions. The Peer Switch embodiment also incorporates technology that allows it 
to establish connections between peers that are separated by network security devices such as 
firewalls and NAT. By establishing network connections directly between clients (i.e. peer-to- 
peer connections P), the Peer Switch embodiment 10 creates little or no overhead for servers. 
Information is shared directly from PC to PC or PC to other remote device. 

[0070] As noted, users are grouped within communities. A community is a group of 
users that can potentially establish connections and share information with each other. A user 
can be a member of more than one community; however, two users must be members of the 
same community in order for them to establish a connection with each other. Within 
communities, users establish teams. A team is a group of users from the same community who 
share information. A user shares information with other users by sharing that information with a 
team. Information shared with a team is accessible to all members of that team. Users can be 
logged onto a community multiple times from different PCs or devices at the same time. Shares 
offered by a user are distinguished by machine name as well as by user. A user can access his 
own information remotely by sharing that information with a team that contains only him (and 
thus all devices he may use). When accessing the system remotely, he accesses not only his 
privately shared information, but also any and all information shared with him within the 
community. 
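
The community and team rules of paragraph [0070], written out as a default-deny authorization check. This is an added Python example, not code from the application; all class and function names are hypothetical, and requiring the sharer to belong to the team is an assumption the text does not state.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Share:
    """A shared file or folder, keyed by machine name as well as by user."""
    owner: str
    machine: str
    path: str


@dataclass
class Team:
    name: str
    members: set = field(default_factory=set)
    shares: set = field(default_factory=set)


@dataclass
class Community:
    name: str
    members: set = field(default_factory=set)
    teams: dict = field(default_factory=dict)
    sessions: set = field(default_factory=set)  # (user, machine) pairs logged on

    def login(self, user, machine):
        # One user may be logged on from several machines at the same time.
        if user not in self.members:
            raise PermissionError(f"{user} is not a member of {self.name}")
        self.sessions.add((user, machine))

    def add_team(self, name, members):
        # A team is a group of users from the same community.
        members = set(members)
        outsiders = members - self.members
        if outsiders:
            raise PermissionError(f"not in {self.name}: {sorted(outsiders)}")
        self.teams[name] = Team(name, members)
        return self.teams[name]

    def share(self, owner, machine, path, team_name):
        # Information is shared with a team, never with an individual user.
        team = self.teams[team_name]
        if owner not in team.members:  # assumption, see lead-in
            raise PermissionError(f"{owner} is not in team {team_name}")
        item = Share(owner, machine, path)
        team.shares.add(item)
        return item

    def visible_shares(self, user):
        # Everything shared with any team the user belongs to, including a
        # one-person team used for remote access to the user's own files.
        if user not in self.members:
            return set()
        visible = set()
        for team in self.teams.values():
            if user in team.members:
                visible |= team.shares
        return visible


def can_connect(communities, a, b):
    """Two users may connect only if they share at least one community."""
    return any(a in c.members and b in c.members for c in communities)


def may_fetch(community, requester, item):
    """Default deny: a share is readable only through team membership."""
    return item in community.visible_shares(requester)


if __name__ == "__main__":
    # Constructed sample data.
    acme = Community("acme", members={"alice", "bob"})
    acme.add_team("alice-private", {"alice"})
    acme.login("alice", "home-pc")
    acme.login("alice", "pda")
    notes = acme.share("alice", "home-pc", "notes.txt", "alice-private")
    print(may_fetch(acme, "alice", notes), may_fetch(acme, "bob", notes))
```
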

[0071] As noted, Fig. 1 illustrates a number of the devices that may utilize the peer-to- 
peer communications and the logical links between such devices and between the Peer Switch 
related functionalities. The links extend through a data communication network or networks. 
Although adaptable to intranet and private virtual network environments, the embodiments 
utilize Internet communications. Hence, on a physical layer, the logical communications shown 
in Fig. 1 extend through the public wide area packet switched data network known as the 
Internet, and in some cases, through various additional networks that connect to the public 
Internet. To fully appreciate the logical communications, it may be helpful to consider the 
physical networking involved. Fig. 2 is a simplified diagram illustrating several different types 
of devices that may be involved in the communications outlined above relative to Fig. 1 and 
networks that may transport such communications. It is assumed that those skilled in the 
relevant arts are familiar with the devices, the networks and the means of communications, 
therefore only a brief summary discussion is provided here. 

[0072] The Internet 51 generally consists of linked Autonomous System type packet data 
networks. The Autonomous Systems are owned and operated by Internet Service Providers 
(ISPs). Information providers and other on-line service providers operate servers, many of 
which now connect to the Internet 51 via high speed lines, such as T1/T3 and the like. In the 
example of the Peer Switch embodiment 10 of Fig. 1, the peer-to-peer communications utilize 
two servers 11 and 17; and Fig. 2 shows those servers connected for communication via the 
Internet 51. 

[0073] End users may operate a variety of different types of devices, which have data 
communications capabilities; and Fig. 2 shows just a few examples. As shown, a user may have 
a desk top type personal computer (PC) 53, which will function as one of the Peer Switch clients 
or as a PC with just a browser, as discussed above relative to Fig. 1. The user's desktop PC 53 
may connect through the Internet 51 via a local area network (LAN) 57 or any other convenient 
wired or wireless access network. 

[0074] The drawing also shows a laptop PC 59. The laptop PC 59 is generally similar to 
the desktop unit 53, but the laptop 59 is designed for portability. Typical laptops connect to a 
local area network in the office (or home), but when the user travels, such a device 59 will often 
utilize a built-in modem to initiate dial-up access to an ISP modem pool on the Internet 51, via 
the public switched telephone network (PSTN) 61 or via a wireless data network. PSTN 61 
normally provides voice telephone service to and from stations represented by exemplary 
telephone 63. However, the telephone-based modem capability built into PCs such as 59 (or 53) 
allows a user to access the Internet 51 from virtually any location having telephone service. 

[0075] Modern wireless communications networks, represented by the mobile network 
65 in the drawing, also provide data communications services to and from a variety of mobile 
devices. Such mobile user devices may include PCs with appropriate wireless modems. For 
purposes of discussion here, the mobile network 65 provides mobile wireless communications to 
a web enabled mobile telephone or "handset" 67 and to a personal digital assistant (PDA) 69. 

[0076] The construction of a mobile wireless communication network 65, today, 
typically includes a number of base stations 71 dispersed throughout the service region. The 
geographic service region may be thought of as made up of a number of individual radio 
coverage areas, which typically are called "cells." Within each cell, a base station 71 provides 
two-way radio communications through its RF front end, essentially for its assigned coverage 
cell. The users' mobile stations 67, 69 communicate over-the-air, via a standard air-link interface 
protocol, with one or more of the base stations 71. 

[0077] Groups of base stations 71 connect to base station controllers, and each base 
station controller connects to a mobile switching center. In some networks 65, the base stations 
connect directly to the mobile switching center. In either case, the mobile switching center in 
turn provides switching between the base stations 71, for example for communications between 
mobile subscriber stations, as well as switching of communications to and from the public 
switched telephone network and other mobile switching centers. Modern versions of such 
networks 65 also include one or more nodes of the network that provide a packet switched 
coupling to the Internet 51. 

[0078] For functions involving access or remote control from a wireless device, such as 
the mobile telephone 67 or the PDA 69, the Peer Switch architecture utilizes spare PC processing 
power and PC bandwidth to overcome slow wireless network connections that plague traditional 
wireless data applications. Using Peer Switch, for example, the web-enabled mobile telephone 
67 becomes an extended PC keyboard, for example, for remote control of a desktop PC 53 in the 
user's home or office. Feedback to the phone 67 is provided by carefully formatted text 
messages instead of screen graphics. 

[0079] For example, in the Peer Switch embodiment, the web-enabled mobile telephone 
67 could locate and forward a 2MB file on a person's computer 53 in a few seconds using a 
wireless connection through the network 65. Following this, the remote worker can add and 
update calendar items in Microsoft Outlook. These schedule changes may be made directly on 
the user's PC 53 and are instantly available to authorized co-workers and business partners who 
are members of the community/team of the user. 

[0080] The end user devices 21, 23, 25, 27 and 29 (Fig. 1) may be implemented in the 
different physical devices 53, 59, 67 and 69, shown in the network diagram of Fig. 2. The 
various end user devices and the servers shown in the drawings are fairly well known general 
purpose computers and/or mobile computing devices. It is assumed that those of skill in the 
relevant arts will be familiar with the structure, programming and operations of such devices. 
However, to insure adequacy of the teaching here to various readers, it may be helpful to briefly 
review the relevant technologies. 

[0081] Fig. 3 is a functional block diagram of a PC or workstation type implementation 
of a system 151, which may serve as one of the user terminals, such as computer 53 or 59 in Fig. 
2 (or the various PCs in Fig. 1) for accessing the Peer Switch services and conducting peer-to- 
peer communications. 

[0082] The exemplary computer system 151 contains a central processing unit (CPU) 
152, memories 153 and an interconnect bus 154. The CPU 152 may contain a single 
microprocessor, or may contain a plurality of microprocessors for configuring the computer 
system 152 as a multi-processor system. The memories 153 include a main memory, a read only 
memory, and mass storage devices such as various disk drives, tape drives, etc. The main 
memory typically includes dynamic random access memory (DRAM) and high-speed cache 
memory. In operation, the main memory stores at least portions of data and of instructions for 
execution by the CPU 152. 

[0083] The mass storage may include one or more magnetic disk or tape drives or optical 
disk drives, for storing data and instructions for use by CPU 152. For a home PC, for example, 
at least one mass storage system 155 in the form of a disk drive or tape drive, stores the operating 
system and application software as well as data, including received messages and documents. 
The mass storage 155 within the computer system 151 may also include one or more drives for 
various portable media, such as a floppy disk, a compact disk read only memory (CD-ROM), or 
an integrated circuit non-volatile memory adapter (i.e. PCMCIA adapter), to input and output 
data and code to and from the computer system 151. 

[0084] The system 151 also includes one or more input/output interfaces for 
communications, shown by way of example as an interface 159 for data communications via the 
network 23. The interface 159 may be a modem for data communication via the PSTN 61 or via 
the mobile network 65, an Ethernet card or the like for communication via the LAN 57, or any 
other appropriate data communications device. The physical communication links may be 
optical, wired, or wireless (e.g., via satellite or cellular network). 

[0085] The computer system 151 may further include appropriate input/output ports 156 
for interconnection with a display 157 and a keyboard 158 serving as the respective user 
interface. For example, the computer may include a graphics subsystem to drive the output 
display 157. The output display 157 may include a cathode ray tube (CRT) display or liquid 
crystal display (LCD). Although not shown, the PC type system typically would include a port 
for connection to a printer. The input control devices for such an implementation of the system 
151 would include the keyboard 158 for inputting alphanumeric and other key information. The 
input control devices for the system may further include a cursor control device (not shown), 
such as a touchpad, a mouse, a trackball, stylus, or cursor direction keys. The links of the 
peripherals 157, 158 to the system 151 may be wired connections or use wireless 
communications. 

[0086] Each computer system 151 runs an operating system as well as a variety of 
applications programs and stores data, enabling one or more interactions via the user interface, 
provided through elements such as 157 and 158, and/or over the network 51 to implement the 
desired processing for the peer-to-peer communication services. The end-use computer 151, for 
example, runs a general purpose browser application, and/or a PIM program or an e-mail 
program. In many cases, the computer 151 will also run one or more instances of the Peer 
Switch client program and corresponding interface program(s), for the inventive peer-to-peer 
communications. Some PCs, however, will run a browser but not necessarily a peer client 
program. 

[0087] Fig. 4 is a functional block diagram of a general purpose computer system 251, 
which may perform the functions of the server 11 or the server 17 (or other host computer), or 
the like. The exemplary computer system 251 contains a central processing unit (CPU) 252, 
memories 253 and an interconnect bus 254. The CPU 252 may contain a single microprocessor, 
or may contain a plurality of microprocessors for configuring the computer system 252 as a 
multi-processor system. The memories 253 include a main memory, a read only memory, and 
mass storage devices such as various disk drives, tape drives, etc. The main memory typically 
includes dynamic random access memory (DRAM) and high-speed cache memory. In operation, 
the main memory stores at least portions of data and of instructions for execution by the CPU 
252. 

[0088] The mass storage may include one or more magnetic disk or tape drives or optical 
disk drives, for storing data and instructions for use by CPU 252. At least one mass storage 
system 255, preferably in the form of a disk drive or tape drive, stores the data and programming 
related to the Peer Switch functions. If the system 251 operates as the first server (Server 1) 13, 
the mass storage system 255 stores the Peer Switch server application 11 as well as the database 
19. If the system 251 operates as the second server (Server 2) 17, the mass storage system 255 
stores the Peer Switch web server application 15, as well as the instance(s) 43 of the Peer Switch 
client and the Peer Switch web interface routine 41. The mass storage 255 may also include one 
or more drives for various portable media, such as a floppy disk, a compact disk read only 
memory (CD-ROM), or an integrated circuit non-volatile memory adapter (i.e. PCMCIA 
adapter) to input and output data and code to and from the computer system 251. 

[0089] The system 251 also includes one or more input/output interfaces for 
communications, shown by way of example as an interface 259 for data communications via the 
network 51. The interface 259 may be a modem, an Ethernet card or any other appropriate data 
communications device. To perform as one or both of the servers 13, 17 for the peer-to-peer 
service to a large number of end use customers, the interface 259 preferably provides a relatively 
high-speed link to the Internet 51. 

[0090] Although not shown, the system 251 may further include appropriate input/output 
ports for interconnection with a local display and a keyboard or the like serving as a local user 
interface for programming purposes. Alternatively, the server operations personnel may interact 
with the system 251 for control and programming of the system from remote terminal devices 
via the Internet 51 or some other network link. 

[0091] The computer system 251 runs a variety of applications programs and stores 
relevant data, such as the above noted programs for the Peer Switch type peer-to-peer related 
communications services. Those skilled in the art will recognize that the computer system 251 
may run other programs and/or host other Internet service applications, typically web-based or e- 
mail based services. Also, each system 251 may be implemented as a single computer system or 
as a distributed system having multiple appearances at different nodes on the Internet 51. 

[0092] The components contained in the computer systems 151 and 251 are those 
typically found in general purpose computer systems used as servers, workstations, personal 
computers, network terminals, and the like. In fact, these components are intended to represent a 
broad category of such computer components that are well known in the art. 

[0093] Fig. 5 is a functional block diagram of a simple mobile communication device 67 
for use in the network of Figs. 1 and 2. Although the station 67 may be incorporated into a 
vehicle mounted mobile unit or into another device, such as a portable personal computer, for 
discussion purposes the illustration in Fig. 2 shows the station in the form of a handset 67. 

[0094] The mobile handset 67 functions as a normal digital wireless telephone station. 
For that function, the station 67 includes a microphone 341 for audio signal input and a speaker 
343 for audio signal output (see Fig. 5). The microphone 341 and speaker 343 connect to voice 
coding and decoding circuitry (vocoder) 345. For a voice telephone call, for example, the 
vocoder 345 provides two-way conversion between analog audio signals representing speech or 
other audio and digital samples at a compressed bit rate compatible with the digital protocol of 
the wireless telephone network communications. 

[0095] For digital wireless communications, the handset 67 also includes a digital 
transceiver (XCVR) 357. The present concepts encompass embodiments utilizing any digital 
wireless transceivers that conform to current or future developed digital wireless communication 
standards. For example, the transceiver 357 could be a CDMA (IS-95), TDMA or GSM unit, 
designed for cellular or PCS operation via the network 65 shown in Fig. 2. In the near future, the 
digital transceiver 357 may be a CDMA transceiver that complies with the 1xRTT standard or 
other future generation standard. The transceiver 357 provides two-way wireless communication 
of information, such as vocoded speech samples and digital message information. The 
transceiver 357 connects through RF send and receive amplifiers (not separately shown) to an 
antenna 359. The wireless mobile station 67 may include one or more additional transceivers, as 
shown in dotted line form, for operation in an analog mode or in accord with an alternative 
digital standard. 

[0096] As shown, the mobile telephone handset 67 includes a display 349 for displaying 
messages, a menu generated by a client browser program, call related information, dialed and 
calling party numbers, etc. A keypad 347 enables dialing digits for voice and/or data calls and 
generating selection inputs keyed by the user based on the displayed menu. 

[0097] A microprocessor 351 controls all operations of the handset 67. The 
microprocessor 351 is a programmable device. The mobile handset unit 67 also includes a flash 
memory 353 alone or in combination with a read only memory (ROM) and/or a non-volatile 
random access memory (RAM) 355, for storing various software routines and mobile 
configuration settings, such as mobile identification number (MIN), etc. In a present 
implementation, the random access memory RAM 355 stores an operating system, vocoder 
software, client browser software, device driver software, and call processing software, and may 
store other application software, for example short message service software, e-mail software 
etc. For purposes of the inventive peer-to-peer communications, the software may include a Peer 
Switch client, adapted for the handset, similar to the Peer Switch client (PDA) application 37, 
although it is envisioned that such devices can rely on the browser and the web server 17. The 
memories also store data, such as telephone numbers and other data input by the user via the 
keypad 347. The mobile handset 67 may also include an optional expansion slot 362, to add 
memory elements or to add other user selected functional elements. 

[0098] Of particular note, the application software and the transceiver 357 enable a user 
to operate the mobile unit 67 to conduct two way data communications, via the mobile network 
65 and the Internet 51. For purposes of discussions here, these data communications capabilities 
enable communications with server(s) 17 and/or 11 as well as peer-to-peer communications with 
devices operated by others in the appropriate user group(s). If the mobile unit relies on the 
browser, rather than on internal peer client applications, the peer-to-peer communications go 
through the web server 17. 

[0099] Fig. 6 shows a handheld computing device 69, for example, in the form of a 
personal digital assistant (PDA). The handheld computing device may be implemented as a 
personal organizer, a palmtop computer, a computerized notepad, or the like. As such, the 
handheld computing device 69 may be any small programmable computing device. 

[0100] Typically, in a PDA implementation or the like, the device 69 has a 
microprocessor 451 or the like that is capable of running one or more application programs. The 
device 69 also has a display, and an input mechanism such as a keypad, a touch-sensitive screen, 
a track ball, a touch-sensitive pad, a miniaturized QWERTY keyboard, or the like. In the 
illustrated PDA embodiment, handheld computing device 69 has a touch sensitive display screen 
449 and a limited number of input keys in the form of a keypad 447 or the like. The user 
operates the keys and uses a finger or stylus (or similar implement) on the touch screen display 
449 to input information to the device 69. The user observes information shown on the display 
screen of element 449. 

[0101] The PDA device 69 can also be implemented with a digital wireless RF (radio
frequency) transceiver 69 and/or one or more alternative wireless transceivers such as an IR
(infrared) transceiver. If operating via a public mobile network, such as the network 65, the
transceiver 457 could be similar to the transceiver 357 in the mobile handset 67. However, the
device 69 may be designed to operate in a more localized environment, such as a wireless LAN.
For example, short-range wireless communication and personal area networks may be
implemented on campuses, in commercial buildings, apartment buildings/complexes or even in
individual homes. Currently, Bluetooth technology allows for the replacement of the many LAN
cables or the like with short-range radio links and can be used to connect a laptop to a cellular
telephone or between other devices such as printers, PDAs, desktops, fax machines, keyboards,
joysticks or virtually any other digital device and a desired connection to the Internet 51.
Bluetooth radio technology further provides a universal bridge to existing data networks, a
peripheral interface, and a mechanism to form small private ad hoc groupings of connected
devices away from fixed network infrastructures. Designed to operate in a noisy radio frequency
environment, the Bluetooth radio uses a frequency hopping scheme to make the link robust.
Bluetooth radio modules avoid interference from other signals by hopping to a new frequency
after transmitting or receiving a data packet. For operation in such an environment, the
transceiver 457 might be a Bluetooth device.

[0102] The memory of the device 69 generally includes both volatile memory (e.g.,
RAM 455) and non-volatile memory (e.g., ROM 453, PCMCIA cards, etc.). The device 69 may
include other types of memory 462, such as flash memory, although handheld portable devices
today do not typically include disk or tape drives.

[0103] An operating system is resident in the memory and executes on the processor 451.
The operating system provides a graphical user interface that presents applications and
documents and receives user inputs via the touch sensitive display screen 449. The operating
system enables execution of applications resident in the memory, both for local functions and for
communications using the transceiver 457. The applications may include a browser 39 or
preferably a PDA version of the Peer Switch client 37 (see Fig. 1), to enable the inventive
peer-to-peer communications.

[0104] Fig. 7 shows the implementation of an exemplary Peer Switch client. The Peer
Switch client carries out the majority of functions provided by the system. The diagram (Fig. 7)
shows the high-level software architecture of the client. The Peer Switch client consists of two
principal components, the client Manager and the user interface (UI). The Peer Switch client
Manager carries out most of the client functions, including accessing local information on the PC
for sharing, and handling all network connections. These functions are described in more detail
below. There is one Manager for each user device.

[0105] The embodiment of Fig. 7 represents an implementation for a PC or the like,
which runs other application programs. Here, the Peer Switch UI component runs within the
PIM and acts as a front-end to the Manager. The Peer Switch client is designed so that the UI
components could be written for any number of PIMs or other applications, e.g. Lotus Notes or
Eudora. There can be more than one instance and/or type of Peer Switch UI component running
on a PC and communicating with the one Manager at a given time.

[0106] At the core of the Peer Switch client is the Peer Switch Manager. It is typically
started when an associated PIM or application is started. For purposes of this discussion, it is
assumed that the user's device runs Microsoft Outlook as the PIM. When the Peer Switch
Manager is started, it first attempts to login to all registered Peer Switches 11. Once logged in,
the connections between the Manager and the servers 13 are persistent. Each Peer Switch 11
downloads the list of shares and other users that are available to the user from that community.
As other users login and out of the Peer Switch, and as shares are created and deleted on the
server 13, it notifies the Peer Switch client over this same connection.

[0107] When the user wants to initiate a connection with another peer, either by
accessing information on the peer, starting an instant message (IM) session with the peer, or
another Peer Switch function, the Peer Switch client sends a message to the Peer Switch that is
relayed to the targeted peer, requesting a connection. In current embodiments, the request
contains address and port data necessary to make the connection. The remote peer then initiates
a network connection back to the requesting peer. The peer-to-peer connection is also persistent
between the peers. All subsequent activity between the peers will occur over the same
connection, until one or both peers log off.

[0108] The Peer Switch UI component interacts with the user and displays all
information and results through the PIM or application. Fig. 8 is a sample screenshot of Peer
Switch Outlook working within Microsoft Outlook.

[0109] With such an embodiment of the Peer Switch client, when the user opens
Outlook, the Peer Switch service is started and the Peer Switch manager icon may be displayed
in the Windows taskbar. Assuming that the user is an established peer member, the user can add
the specific computing device to the community and login to the community. The Peer Switch
server informs other active members of the community that the user is now online. As shown in
drawing (Fig. 8), the peer shares appear as a 'PeerBook' folder (with sub folders for contacts and
shared folders) in the Outlook folder list.

[0110] The peer-to-peer services, particularly in embodiments adapted for
implementation with Microsoft Outlook as the user's PIM, offer a PeerOutlook productivity tool,
which is designed to provide the ability to securely share Microsoft Outlook information from
PC to PC and PC to PDA without storing data on a server. The PeerOutlook tool also provides
remote access and management of Outlook information through any web-enabled device such as
laptop 59, PDA 69 or mobile phone 67.

[0111] Examples of functions that can be performed between Peer Switch clients include: 

[0112] Sharing Outlook Folders — All of the types of information kept in Microsoft
folders (i.e. the PST file), including email, calendar, task, note, and contact items, can be shared.

[0113] Sharing Local PC Files — Any file or folder on the local PC can be shared.

[0114] IM — Instant messenger sessions can be initiated between users.

[0115] Notes — Users can send notes to each other. Notes sent to a user are stored on the
Peer Switch server 13 and can be viewed everywhere the user logs onto the system. Notes are
deleted explicitly by the recipient user.

[0116] PeerMail — Users can send mail directly to one another, bypassing traditional mail
servers. Among the benefits of PeerMail are instant delivery and no restriction on the size of
email messages or attachments.

[0117] Remote Control — The system allows a user to perform control functions on his
desktop remotely from another Peer Switch client or the Web. The desktop is replicated on the
remote device, and keyboard and mouse input events are sent back to the desktop.

[0118] Additional Services — The peer-to-peer connection established between Peer
Switch clients preferably is used to support several additional services, including voice over IP
(VOIP), conferencing, multimedia streaming and Internet chat.

[0119] Notification — The Peer Switch client, acting as an agent for the user on his PC, is
used to support several notification services for events like emails received, appointments,
instant message requests, etc. Notifications can be sent to pagers, mobile phones, unified or
"follow me" messaging systems, other PCs or PDAs, or through the Web.

[0120] PeerOutlook is a component of the Peer Switch suite of software productivity
tools that provides secure peer-to-peer sharing and collaboration. The secure exchange of data
between two peers has been addressed within the PeerOutlook architecture. Outlook information
transferred between two peers is strongly encrypted and digitally signed to ensure that the data is
not read or modified by other people. PeerOutlook does not require a Microsoft Exchange
Server in order for a user to remotely view e-mails or other Outlook information. Data is
transferred directly from peer-to-peer without storing data on a server.

[0121] The peer user can access information stored in Outlook from anywhere she can
browse the Internet. PeerOutlook supports common desktop browsers (Netscape Communicator
and Microsoft Internet Explorer); browsers on Palm OS, Windows CE and Blackberry PDAs,
and I-Mode and WAP interfaces for cell phones. PeerOutlook features can also be accessed
through the Peer Switch Application (stand-alone executable) and Microsoft Outlook using the
Peer Switch Outlook add-in type API.

[0122] In the embodiment (Fig. 8), the PeerBook Outlook client provides three pages,
Home, Contacts and Shared Folders, which are selectable from the folder list or from the tabs at
the top of the window. The Home page, for example, lists notes and displays the system activity
of the computing device for the current PeerBook session. System activity includes such actions
as logging in, logging off, access to shared items, etc.

[0123] The Contacts Page lists the members of the community or communities of which
the user is a member. The display on the Contacts page preferably provides a color coded
listing, where a predetermined color indicates those community members who currently are
logged on with the peer service. From the Contacts page, the user can send instant messages and
notes to any listed on-line contact. The user can also manage community teams that the user
owns or create new teams among community members.

[0124] The PeerBook window (shown in Fig. 8) has a main section to the right, which in
this example is showing the contents of the selected Shared Folders page. The Shared Folders
page lists file and/or e-mail folders to which the user has access. Preferably, color indications
identify the shared items that are currently available (due to on-line status of the relevant peer
device containing the items). The owner of a folder must be logged on with the peer service at
the time, for the folder to be available to the community/team(s) with which it is shared. From
the Shared Folders page, the user can access or manage folders or create new shares.
Additionally, the user can identify any shared folder as a "Favorite." The folders displayed on
this page may be grouped in different ways, selected by the user, for example, by showing all
shared folders, so as to show all shared folders grouped by team, to show all shared folders
grouped by owner, to list favorites, or to show the folders shared by the particular user.

[0125] Above the main section, the window (Fig. 8) lists various actions that are
available to the user, for acting on the current contents of the PeerBook page. The Show Me
section of the window provides various options for displaying the page's information. The Find
section of the window provides a quick search function, for finding a listing on the particular
page. Additionally, on the Shared Folders page, there is an advanced search function that can be
used to find specific shared folders or the information that they hold. The upper right section of
the window is home to the Help information and any available system options, such as Login and
Change Password.

[0126] In order to share folder (or drive) information, a team must be defined and the
people with whom the user intends to share the information must be identified as members of the
team. Once the team is created and a folder is shared with the team, any team member will have
access to the folder and its contents whenever the user is logged on to the peer service from the
machine containing the share. A team is composed of one or more members who are drawn
from a community list. The person who creates the team is automatically made a member of the
team and is designated as the Owner. Membership in teams cannot cross communities. All team
members belong to the same community. To share information across communities, a user who
is a member in each community can set up teams in each community and share the information
with both teams. The user device signals all such activities to the Peer Switch 11, which
maintains the appropriate records in its database 19.

[0127] PeerOutlook allows members of Peer Switch teams to share Outlook folders.
Peers can view and manage items stored within Outlook folders, including: E-mail, Contacts,
Calendars, Tasks, and Notes. Team members also can restrict management of Outlook
information to the owner of the share; all other team members have read-only access.

[0128] PeerOutlook allows users to share any Outlook folder at any level with one or
more Peer Switch teams. For example, a manager can choose to share his Calendar folder with
team "Engineering". This would enable all members of the engineering team to view the
manager's calendar from any PC that has the Peer Switch client installed or any web-enabled
device. Once an Outlook folder has been shared, team members will immediately see the newly
shared folder within the PeerOutlook client application. If the team member is viewing Peer
Switch through a browser, then the folder is shown the next time that the browser is refreshed.

[0129] Shared information is peer and member based. Information shared at a particular
peer computing device is only available if the member who shared that information is logged in
at that computer. However, a community member can be logged in from any number of devices.
The folders displayed in the Shared Folders page are all of the folders that the member has
shared or that are shared with that member by other team members, via any of the teams of
which the user is a member. In a preferred embodiment, a red icon indicates that the member
who shared the folder is not currently logged into the peer service at the relevant computing
device, therefore, the folder is not currently accessible. In such an embodiment, a green icon
indicates that the folder is accessible, that is to say, because the member who shared that folder
with the team is logged in at the relevant computing device.

[0130] As shown by the above discussion, all information is shared via a defined team.
In order to share information, a team must be defined, and the people with whom the user intends
to share the information must be identified as members of the team. This is the case even if the
user is the only member of the team, where he/she intends to share access to information from
his/her multiple devices, e.g. via remote control. For example, the user may log in from a PC
and activate the Windows Lock feature or the like, to make it possible to keep the Peer
Switch/PeerBook connection active while at the same time preventing unauthorized use of the
device. The user can then log in from another device, e.g. a laptop, mobile phone or PDA, and
access shared information on the PC. In another example, the user may have shared folders on a
desktop PC 53 and on a laptop 59. To be able to access the folders from a PDA 69 or mobile
phone 67, the PeerBook user must be logged in with the peer service at server 11, on both the
desktop PC and the laptop. When the user logs in via the PDA or mobile phone, shared folders
on any one device are available to the other devices, and vice versa.

[0131] The "owner" of the shared folder (the 'share' in this example) has full read-write
access to Outlook information. Other users, however, have read-only access. For example, only
owners can forward e-mails using PeerOutlook. This is done because e-mails that a user
forwards using PeerOutlook are sent from the default user account within Outlook. PeerOutlook
does not allow other people to send e-mails using someone else's e-mail account.

[0132] Outlook items, including E-mail, Contacts, Calendars, Tasks, and Notes, can be
viewed and managed using PeerOutlook. For example, once a user opens a shared folder that
contains e-mails, he will be able to read messages, download attachments, search for e-mails,
compose and send messages, reply to a message, forward a message and attach files to a
message. To read a message, a user needs only to click on the message he wants to read and it
will be displayed on his screen.

[0133] When a user opens a shared folder that contains contacts, he will be able to view
contact information, search for contacts, add or delete contacts, and edit contact information.
When a user opens a shared folder that contains calendar appointments, he is able to view
appointments, modify or delete appointments and search appointments. To view an
appointment, a user needs only to click on the appointment he wants to see. When a user opens a
shared folder that contains tasks, he can view the task list, create new tasks, modify an existing
task or delete a task. He can also sort tasks. When a user opens a shared folder that contains
notes, he can view the notes, make changes, delete notes and create new notes.

[0134] In the embodiments, an instant message (IM) is a communication that the user can
send to any member of the community who is currently logged into the peer service. The IM
messages travel directly between on-line peer devices via a secure channel through the Internet.
In the embodiments, instant messages are managed via the Contacts page of the PeerBook
window. In an embodiment of the Peer Switch Outlook client, a green indicator associated with
a contact's name on the list denotes a community member who is logged in. Red indicates a
community member who is not currently on-line.

[0135] To initiate an IM session, the user accesses the Contacts page from the PeerBook
window of Fig. 8. The user then selects the desired contact (if on-line) from the list on the
Contacts Page. The selected contact's name appears highlighted in the display, and then the user
selects "Instant Message" from the menu of options appearing above the contact list.
Alternatively, the user may double click on a listed name and select "Instant Message" from the
pop-up menu. The Peer Switch client program then generates a PeerBook Messaging window,
and the user can type and send a message to the selected member. The contact receives the
message and must access the message to complete set-up of the IM session. Once the contact
has accepted, the exchange of instant messages between the parties can begin immediately and
continue as long as desired. Transfer of messages between the user and the selected contact is as
fast as their respective Internet connections will allow. Similar techniques can be used to set-up
telephone-like voice over IP sessions and/or video telephone sessions between community
members.

[0136] The peer service also allows the exchange of notes between members. A note is a
communication that can be sent to any member or team of the community regardless of whether
or not the intended recipient(s) are on-line. The note remains available for whenever the
recipient next logs in to or opens a PeerBook session. Notes can be sent from either the
PeerBook Home page or the Contacts page, but notes are read via the PeerBook Home page. A
note is stored in the Peer Switch server 13 for the community, until deleted by the recipient.

[0137] When the user selects the Notes feature, the Peer Switch client program generates
a PeerBook Note window. To send a note, a user selects the "Send Note" option from the menu
above the Home page (Fig. 8). From the Contacts page, the user selects the community member
or team intended to receive the note and then selects "Send Note" either from the menu above
the page or from the pop-up menu if the user double clicked on the recipient's name from the
Contacts list. If initiated from the Contact page, the program fills in the "To:" line in the Note
window with the recipient data. If initiated from the Home page, the user can fill in the
necessary recipient data, for example, from a drop down list activated by clicking on a down
arrow associated with the "To:" line in the window display. The user can enter an identifying
subject line and then enter the text of the note. After completion of the note, the user selects
"Send," the program closes the note window, and the computing device forwards the note to the
server 13, which notifies the intended recipient(s). Each intended recipient receives a notice and
can retrieve the note message from the server, either instantly or when the intended recipient next
logs in to the community.

[0138] Those skilled in the art will recognize that additional functions can be delivered
over the peer-to-peer connections of the Peer Switch service using peer client programming
similar to that discussed above relative to Figs. 7 and 8.

[0139] Peer Switch Web is essentially a Peer Switch UI component that acts as a front
end to the Peer Switch Manager and presents Peer Switch information through a Web server to
remote users. Fig. 9 is a web architecture diagram, similar to the Peer Switch client architecture
diagram of Fig. 7. The Peer Switch Web interfaces to and works through the web server
program, in a manner analogous to the operation of the Peer Switch client programs through
existing PIMs in the embodiment of Fig. 7. The web server program and the Peer Switch Web
routine provide a user interface based on web page presentations and user selection of displayed
links, via a standard browser application running on the end user's device. Unlike the
implementation of Fig. 7, however, the UI of the web embodiment includes communications of a
remote device with the web server (shown for example at 17 in Fig. 1).

[0140] When the user logs in through the web server, the Peer Switch Manager first
attempts to log the user in to all registered Peer Switches. Once logged in, the connections
between the Manager (Peer Switch Web) and the servers are persistent. Each Peer Switch server
11 downloads the list of shares and other users that are available to the user from that
community, and the web server 17 provides a page or pages to the user displaying that peer
information. As other users login and out of the Peer Switch, and as shares are created and
deleted on the Peer Switch server(s), each server 13 notifies the instance of the user's Peer
Switch client running on the web server 17, and the client provides updated web pages to the
user's browser for display.

[0141] Hence, Peer Switch Web (Fig. 9) is a Peer Switch UI component that acts as a
proxy for all users logged into a community through the Web server. All of the shares that a user
would see on a Peer Switch session on the user's device are shown in the user's Web browser
session.

[0142] In current implementations, the pages are formatted for two common PDA
browsers: Pocket IE for the Pocket PC platform, and Handspring Blazer for the Palm OS
platform. The pages will also be formatted for viewing via other common browsers. Figs. 10A
and 10B show examples of two common screens, as they might appear when presented via the
Peer Switch Web and the browser on the user's device. These drawings represent screens of Peer
Switch Web as they might appear on a Pocket PC. Fig. 10A shows the login screen. Fig. 10B
shows the current shares (shared documents/files) available to/from peers within the user's
community. In the example of Figs. 10A and 10B, the user is "Jay Pisula." The shared folders
(Fig. 10B) include folders of several other members of the community (John Flowers and Steve
Phillips) as well as at least one of the user's own folders (My Documents for
JayPisula@devcli03). The displayed pages offer users peer communication features
substantially similar to those offered to PC users in the Outlook example discussed above.

[0143] In addition to the PDA browser examples discussed above, Peer Switch Web also
supports full screen desktop browsers, like Microsoft Internet Explorer and Netscape. Peer
Switch Web also supports WML/WAP browsers for web-enabled mobile phone (see 67 in Fig.
2), and the software architecture (Fig. 9) preferably supports other devices capable of browsing
the Web.

[0144] The Peer Switch embodiment, for enhanced peer-to-peer communications, utilizes
certain protocols and procedures developed to overcome particular problems and/or provide
particular desirable service features. These include protocols and procedures to facilitate the
communication between a Peer Switch client and server process and the protocol for client
peer-to-peer communications. Consider first the communication between a Peer Switch client and
server process.

[0145] The protocol used to communicate between a Peer Switch client and the Peer
Switch server 11 begins with establishment of a TCP/IP connection between the client device
and the server 13 in the normal manner. The client sends transaction requests to the server
functionality. In the current format, Bytes 1-4 of the request include a network long integer,
that is to say the number of bytes in this transaction; whereas Bytes 5 through end of transaction
contain an XML document of arbitrary length (length given in Bytes 1-4). The server responds
to the client with messages in the same format. At times determined by the server, the server
sends unsolicited notification transactions to the client in the same format.

[0146] The XML documents are in the following formats:

a. Client requests:

<PBReq Action="Login" UserID="abc" . . . />

b. Server responses:

<PBResp Error="0" Action="Login" UserID="abc" . . .>
[relevant data elements]
</PBResp>

c. Server notifications:

<PBNotify>
<PeerPresence PeerID="1234" ... />
</PBNotify>

[0147] The Action attribute on Client Requests identifies the particular transaction
requested by a client. The Server Response includes all the attributes of the Client Request, so
that the client can later match the response to the request.

[0148] The Error attribute on Server Responses indicates the success or failure of a
transaction. Success is indicated by a value of "0". Failure is indicated by any other value,
usually a string value denoting the nature of the error.

[0149] Server responses may contain any number of child XML elements containing
information for the client. These elements may be nested to any level. For example, a response
to a PBReq transaction with an action value of "Login" may contain lists of peers online, shared
folders available, notes and other data.

[0150] PBNotify document elements contain unsolicited information about changes in
the state of the Peer Switch community. For example, when another user logs in to or out of the
community, a client process is notified of this through a PeerPresence element in a PBNotify
transaction. Or, when a folder is shared with a user by another user, the first user client process
receives a PBNotify transaction containing an AddShare element.
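
The client/server transaction format of paragraphs [0145] to [0150], as an added Python example (not code from the application): it frames and unframes transactions, refuses oversized or DTD-bearing documents, and applies the attribute-matching and Error rules. Assumptions: the length prefix is unsigned and counts only the XML bytes that follow it, the 1 MiB cap, UTF-8 encoding, and the sample documents (including the `Peer` child element and the `BadPassword` error string) are constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET

# Assumed cap: the text allows "arbitrary length", so a receiver has to pick one.
MAX_XML_BYTES = 1 << 20
ROOT_TAGS = ("PBReq", "PBResp", "PBNotify")   # document elements named in the text


class FrameError(ValueError):
    """Malformed or unacceptable transaction; the connection should be dropped."""


def encode_frame(xml_text):
    """Bytes 1-4: length as a network-order 32-bit integer; bytes 5..: the XML."""
    body = xml_text.encode("utf-8")
    if not 0 < len(body) <= MAX_XML_BYTES:
        raise FrameError("XML document size out of range")
    return struct.pack("!I", len(body)) + body


def decode_frames(buf):
    """Return (complete XML documents, unconsumed tail) for the bytes read so far."""
    docs, pos = [], 0
    while len(buf) - pos >= 4:
        (length,) = struct.unpack_from("!I", buf, pos)
        # Validate the declared length before waiting for (or allocating) the body.
        if not 0 < length <= MAX_XML_BYTES:
            raise FrameError("declared length %d rejected" % length)
        if len(buf) - pos - 4 < length:
            break                      # body not fully received yet
        docs.append(bytes(buf[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return docs, bytes(buf[pos:])


def parse_document(raw):
    """Parse one transaction body, refusing DTDs and unknown document elements."""
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise FrameError("DTD / entity declarations are not accepted")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise FrameError("not well-formed XML: %s" % exc) from exc
    if root.tag not in ROOT_TAGS:
        raise FrameError("unexpected document element %r" % root.tag)
    return root


def response_matches(request, response):
    """[0147]: a response carries every attribute of the request it answers."""
    return response.tag == "PBResp" and all(
        response.get(name) == value for name, value in request.attrib.items())


def response_succeeded(response):
    """[0148]: only the exact value "0" means success; anything else is an error."""
    return response.get("Error") == "0"


def notification_events(notify):
    """[0150]: child elements of PBNotify (e.g. PeerPresence, AddShare)."""
    if notify.tag != "PBNotify":
        raise FrameError("not a notification")
    return [(child.tag, dict(child.attrib)) for child in notify]


# Constructed sample documents; <Peer> and "BadPassword" are hypothetical.
SAMPLE_REQUEST = '<PBReq Action="Login" UserID="abc"/>'
SAMPLE_RESPONSE = ('<PBResp Error="0" Action="Login" UserID="abc">'
                   '<Peer PeerID="1234"/></PBResp>')
SAMPLE_FAILURE = '<PBResp Error="BadPassword" Action="Login" UserID="abc"/>'
SAMPLE_NOTIFY = '<PBNotify><PeerPresence PeerID="1234"/></PBNotify>'

if __name__ == "__main__":
    wire = b"".join(encode_frame(d) for d in
                    (SAMPLE_REQUEST, SAMPLE_RESPONSE, SAMPLE_NOTIFY))
    docs, tail = decode_frames(wire)
    req, resp, note = (parse_document(d) for d in docs)
    print(response_matches(req, resp), response_succeeded(resp),
          notification_events(note), tail)
```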

[0151] In the addressing scheme of the Internet, an address comprises four numbers
separated by dots. This is called the Internet Protocol address, or IP address. An example of an
IP address would be 164.109.211.237. Each machine on the Internet has a unique number
assigned to it, which constitutes one of these four numbers. In the IP address, the leftmost
number has the greatest weight. By analogy this would correspond to the ZIP code in a mailing
address. At times the first two numbers constitute this portion of the address indicating a
network or a locale. That network is connected to the last router in the transport path. In
differentiating between two computers in the same destination network only the last number field
changes. In such an example the next number field identifies the destination router.

[0152] When a packet bearing a destination address leaves the source router, the router
examines the first two numbers in a matrix table to determine how many hops is the minimum to
get to the destination. It then sends the packet to the next router as determined from that table,
and the procedure is repeated. Each router has a database table that finds the information
automatically. This continues until the packet arrives at the destination computer. The separate
packets that constitute a message may not travel the same path depending on traffic load.
However, they all reach the same destination and are assembled in their original order in a
connectionless fashion.

[0153] Hence, to communicate via the Internet 51, every device must have an IP address.
To conduct a session with another device, the IP address of the other device must be known. The
IP addresses, however, are a scarce network resource. Hence, many user devices today receive
IP addresses only through a dynamic assignment, for the limited period that each such user
device is on-line and active. When users go off line, the IP addresses become available for
reassignment and reuse by others.

[0154] It would be difficult for most people to remember the four separate numbers
(sometimes having ten or more digits) comprising each numeric IP address. In addition, as noted
the numeric IP addresses of many devices change, making it even more of a problem for people
to keep track of them. The Domain Name System (DNS) was developed to provide some relief
from these problems. In the DNS system words, which are more easily remembered, are used
instead of numbers. The significance of each of the domains is the reverse of that of the numeric
IP address. In the numeric IP address, the most significant numbers were on the left and the least
significant on the right. The textual Domain Name System begins with the least significant on
the left and proceeds to the most significant on the right.

[0155] At login with the Peer Switch service, the protocol outlined above will include
signaling between the end user's device and the Peer Switch server 11. The user's device knows
the address to reach at least one such server based on DNS or direct IP addressing, and the
signaling to the server identifies the currently assigned IP address being used by the particular
user's device. The notification(s) from the server to the user devices of the community members
that are currently on line provides address information necessary to reach those on-line members.
The noticed address information could include domain names, which would be translated by the
standard DNS services on the Internet, but preferably the notice distribution identifies the current
IP addresses for the on-line user devices of the other members.

[0156] The protocol used to communicate between two Peer Switch clients also begins
with a TCP/IP connection, albeit one now established between the two Peer Switch clients.
Either client may send messages to the other in the same format. In this format, Bytes 1-4 (a
network long integer) specify the number of bytes in part A of this transaction. Bytes 5-8 (a
network long integer) specify the number of bytes in part B of this transaction. Then Bytes 9 and
following contain Part A of the transaction, which either may be an XML document message
describing a Peer Request, Response or Instant Message or may be a PeerChannel header.
Following Part A, the transaction includes a Part B, which comprises binary data as indicated in
Part A.

[0157] If Part A is a PeerChannel header, then the first four bytes of Part A are a
constant, well-known value called a magic number. Otherwise, Part A is an XML document.
The PeerChannels are virtual connections that are "tunneled" through the single TCP/IP
connection. Tunnels are established through requests made in XML transactions. The
PeerChannel header is comprised of:

a. Bytes 1-4 - the magic number indicating that this is a PeerChannel header.

b. Bytes 5-8 - various bit flags including the following:

i. 0x00000001 - suspend sending data on this channel

ii. 0x00000002 - resume sending data on this channel

iii. 0x00000004 - close this channel

c. Bytes 9-12 - the channel number from which this data originated (the source
channel).

d. Bytes 13-16 - the channel number for which this data is intended (the destination
channel).
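The framing in paragraphs [0156] and [0157] can be exercised with a small receiver-side parser. The following is an added example, not code from the application: the magic number value, the size limits, the UTF-8 decoding of Part A and the fixed 16-byte header length are assumptions, since the text does not state them.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple, Union

# Placeholder only: the text calls the magic number a "constant, well-known
# value" but never states it. This value is constructed for the example.
PEERCHANNEL_MAGIC = 0x50434831

# Flag bits listed in the PeerChannel header description.
FLAG_SUSPEND = 0x00000001
FLAG_RESUME = 0x00000002
FLAG_CLOSE = 0x00000004
FLAG_NAMES = {FLAG_SUSPEND: "suspend", FLAG_RESUME: "resume", FLAG_CLOSE: "close"}

# Assumed receiver-side limits; the text defines none.
MAX_PART_A = 64 * 1024
MAX_PART_B = 1024 * 1024

PREFIX = struct.Struct("!II")            # bytes 1-4 and 5-8: lengths of Part A and Part B
CHANNEL_HEADER = struct.Struct("!IIII")  # magic, flags, source channel, destination channel


class FrameError(ValueError):
    """The peer sent a transaction that violates the framing rules."""


@dataclass
class ChannelHeader:
    flags: int
    source_channel: int
    dest_channel: int

    def flag_names(self):
        # Only the three documented bits are named; other bits are kept in flags.
        return [name for bit, name in FLAG_NAMES.items() if self.flags & bit]


@dataclass
class Transaction:
    part_a: Union[ChannelHeader, str]  # PeerChannel header, or XML text passed on unparsed
    part_b: bytes


def build_transaction(part_a: bytes, part_b: bytes = b"") -> bytes:
    """Serialize one transaction: two length fields, then Part A, then Part B."""
    return PREFIX.pack(len(part_a), len(part_b)) + part_a + part_b


def parse_transaction(buf: bytes) -> Tuple[Optional[Transaction], bytes]:
    """Parse one transaction from the front of buf.

    Returns (transaction, unread bytes), or (None, buf) when more bytes are needed.
    """
    if len(buf) < PREFIX.size:
        return None, buf
    len_a, len_b = PREFIX.unpack_from(buf)
    # Both lengths are chosen by the remote peer: bound them before buffering anything.
    if len_a == 0 or len_a > MAX_PART_A or len_b > MAX_PART_B:
        raise FrameError(f"declared lengths out of range: A={len_a} B={len_b}")
    end_a = PREFIX.size + len_a
    end_b = end_a + len_b
    if len(buf) < end_b:
        return None, buf
    raw_a, part_b = buf[PREFIX.size:end_a], buf[end_a:end_b]

    if len_a >= 4 and int.from_bytes(raw_a[:4], "big") == PEERCHANNEL_MAGIC:
        # Assumption: the header is exactly the four 32-bit fields the text lists.
        if len_a != CHANNEL_HEADER.size:
            raise FrameError("PeerChannel header is not 16 bytes")
        _, flags, src, dst = CHANNEL_HEADER.unpack(raw_a)
        part_a = ChannelHeader(flags, src, dst)
    else:
        try:
            part_a = raw_a.decode("utf-8")  # encoding is an assumption
        except UnicodeDecodeError as exc:
            raise FrameError("Part A is neither a PeerChannel header nor text") from exc
        if not part_a.lstrip().startswith("<"):
            raise FrameError("Part A does not look like an XML document")
    return Transaction(part_a, part_b), buf[end_b:]
```

The parser hands XML text on unparsed, so whatever consumes it remains responsible for the checks that belong to parsing XML received from an untrusted peer.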

[0158] Data are delivered through PeerChannels for purposes including file transfers,
virtual connections between external programs (e.g., NetMeeting), and streaming video and/or
audio data.

[0159] XML document messages exchanged between clients represent transaction
requests, responses or instant messages:

a. Client requests:

<PBPeerReq Action="DirList" ... />

b. Client responses:

<PBPeerResp Error="0" Action="DirList" ...>
[relevant data elements]
</PBPeerResp>

c. Instant Messages:

<PBPeerMsg/> [Followed in Part B by the message itself]

[0160] The Action attribute on Client Requests identifies the particular transaction
requested by a client. The Response includes all the attributes of the request, so that a client later
can match the response to the request.

[0161] The Error attribute on Responses indicates the success or failure of a transaction.
Success is indicated by a value of "0". Failure is indicated by any other value, usually a string
value denoting the nature of the error.

[0162] Responses may contain any number of child XML elements containing
information for the client. These elements may be nested to any level. For example, a response
to a PBPeerReq with an action value of "DirList" may contain a list of folders and other items
contained in a shared folder.

[0163] When the XML document message contains a PBPeerMsg element, then Part B of
a message contains an instant message from the user at one client to the user at the other.

[0164] The process by which one computer initiates and another computer accepts a
TCP/IP connection is well documented and widely used. The process by which two computers
simultaneously initiate a TCP/IP connection with each other is documented, but is not
implemented in most TCP/IP stacks in use today. For example, such a technique is not
implemented in Microsoft's TCP/IP stack, and theirs is the most commonly used stack in the
world.

[0165] There is no known process by which three computers (A, B and C) already having
established TCP/IP connections between A and C and between B and C can then cooperate to
establish a TCP/IP connection between A and B. There is no known process by which two
computers, each behind a respective firewall, which does not allow any TCP/IP connection to the
inside to be initiated from the outside, can establish a TCP/IP connection between themselves.
This presents a particular concern for establishing peer-to-peer connections, in an architecture of
the type described above relative to Figs. 1 and 2, where one or more of the peers resides behind
a firewall. The Peer Switch embodiment addresses this concern by using a process by which one
computer facilitates or brokers the creation of a TCP/IP connection between two other
computers, as described in detail below.

[0166] Fig. 11 shows three computers, two of which are behind firewalls. In the Peer
Switch environment, the computers A and B are end user devices desiring to establish a peer-to-
peer session via their client software. These two computers reside behind respective firewalls A
and B. The broker computer C is one of the Peer Switch servers (see 11 in Fig. 1 or see Fig. 2).
Hence, A, B and C designate three different computers connected in the Internet 51, with
computers A and B behind respective firewalls. Typically, the firewalls A and B only allow
TCP/IP connections to be initiated from behind the firewall. (In this discussion, A, B and C each
also refer to a computer program running on their respective computers.)

[0167] Assume that TCP/IP connections already exist between computers C and A and
between computers C and B, for example between the Peer Switch server 11 and two peer user
devices such as 21 and 27 in Fig. 1. Assume that the users desire to establish a TCP/IP
connection between computers A and B, e.g., for peer-to-peer communications. Computer A
sends a packet of data to computer (server) C requesting a connection established between port
PA on computer A and some port on computer B. The broker computer C (e.g. the server 11)
validates that the proposed connection is allowed and sends a request to establish the connection
to computer B. This request to B includes the port PA to be used by computer A.

[0168] In response to the received request, peer computer B sends an acceptance of the
request to broker computer C. This response includes the port number (PB), which peer
computer B intends to use for the peer-to-peer connection. Broker computer C (e.g. server 11)
now sends an acknowledgment of A's original request to peer computer A. The
acknowledgement message includes the port PB to be used by B.

[0169] Peer computer device A now initiates a TCP/IP connection from its own port PA
to port PB on computer B. However, B's firewall prevents the initial session set-up packet from
reaching computer B, since it is a session not initiated from the protected user side of that
firewall.

[0170] However, in the embodiment A also sends the initial IP packet (PA-P1) for the
proposed connection PA-PB to the broker C, through the existing A-C connection. This packet
is not normally available to application-level programs, so its capture is of some interest to the
discussion here. There are several ways to accomplish this part of the process. One approach is
to modify the TCP/IP protocol stack software to make the initial TCP/IP packet available to
application programs, e.g. through IOCTL calls (IOCTL refers to input-output control and is
used to manipulate a character device via a file descriptor.). Another approach to this capture is
to use a packet filtering program to capture such packets and pass them to the program A.
Another technique is to create an intermediate NDIS driver or a Hook driver to do the work, on
operating systems such as Microsoft Windows. In any of these (or other) cases, the task is to
capture the initial packet of a new TCP/IP connection and make it available to the program A, so
that the program A can send it to the broker program C through its already-existing connection
A-C.

[0171] The other peer computer B also initiates a TCP/IP connection, in this case from
port PB to port PA on the computer A. Here, A's firewall prevents this packet from reaching
computer A, since it is a session not initiated from the protected user side of that firewall. The
computer B also sends the initial IP packet (PB-P1) for the proposed connection PB-PA to
broker C through the existing B-C connection, in the same manner as described above for the
similar packet from program A.

[0172] The broker computer C (e.g. server 11) uses information in the initial IP packet
PB-P1 to construct an IP packet (PB-P1'), which would have been B's response to IP packet PA-
P1, if program B had been listening on port PB and accepted the connection PA-PB (but which
was blocked by the firewall B). The broker computer C (e.g. server 11) sends this (raw) IP
packet through the network to port PA on computer A as if it had come from the port PB on the
computer B. The construction of the PB-P1' packet consists of copying PB-P1 and adding an ACK
of the initial sequence number in PA-P1 (plus one).

[0173] The broker computer C uses information in initial IP packet PA-P1 to construct an
IP packet (PA-P1') which would have been A's response to IP packet PB-P1, if program A had
been listening on port PA and accepted the connection PB-PA (but which was blocked by the
firewall A). The broker computer C sends this (raw) IP packet through the network to port PB
on computer B, as if it had come from the port PA. The construction of the PA-P1' packet consists
of copying PA-P1 and adding an ACK of the initial sequence number in PB-P1 (plus one).

[0174] To the peer computers, it now appears as if they have received acknowledgements
to their respective requests to establish a TCP/IP session. Computers A and B now each respond
to the PB-P1' and PA-P1' packets with the third packet of the TCP three-way handshake in the
normal manner, and the desired TCP/IP connection between A and B is established. In the Peer
Switch service, desired peer-to-peer communications now ensue between computer A (via TCP
port A) and computer B (via TCP port B).

[0175] The Peer Switch embodiment also utilizes a particular technique to establish
virtual TCP/IP connections between IP-enabled devices (in this case peers), either or both of
which may be located behind an HTTP proxy, using a PeerProxy controlled by the Peer Switch.
Fig. 12 is a block diagram useful in explaining peer-to-peer communications in accord with this
process. As shown, end user computers Peer A (PA) and Peer B (PB) are behind respective
HTTP proxies. Each has a proxied connection to a Peer Switch computer (PS), typically a server
11 (Fig. 1 or Fig. 2). The Peer Switch computer (PS) communicates with a PeerProxy (PP),
which may reside in one of the servers 11 or 17 (or in a router or other Internet node).

[0176] Assume that there are existing connections PA-PS, PB-PS between the peer
computers and the Peer Switch server and a connection PP-PS between the PeerProxy and the
Peer Switch server. In this example, the user of peer computer PA wants to establish a
connection PA-PB with the peer computer PB. A specific example of the method for
establishing a virtual TCP/IP connection between two IP-enabled devices (Peers) then proceeds
as described below.

[0177] First, the originating peer computer PA sends an XML transaction PBReq with
Action=Connect, to the Peer Switch server PS. The Peer Switch server PS generates two
cryptographically random values of sufficient size as to be practically impossible to predict. The
Peer Switch server PS sends these two values to the PeerProxy PP in an XML transaction PBReq
Action=Proxy. The PeerProxy PP stores the values in a table of pending connections.

[0178] The Peer Switch server PS sends one value to destination peer computer PB, in an
XML transaction PBNotify with child node ConnReq containing the value and the IP address of
the PeerProxy PP. The Peer Switch server PS sends the other value and the IP address of
PeerProxy PP to the originating peer computer PA, in an XML transaction PBResp with Action
= Connect and Scheme = PeerConnSchemeProxy.

[0179] The originating peer computer PA initiates a normal TCP connection to the
associated HTTP proxy server HA at port 80 and sends an HTTP CONNECT request to establish
an HTTP tunnel to the PeerProxy server PP at port 443 (or another assigned port). Upon receipt
of a success status (200) message, the originating peer computer PA sends the random value it
received from Peer Switch server PS.

[0180] The destination peer computer PB also initiates a normal TCP connection, in this
case to the associated HTTP proxy server HB at port 80 and sends an HTTP CONNECT request
to establish an HTTP tunnel to the PeerProxy server PP at port 443 (or another assigned port).
Upon receipt of a success status (200) message, the destination peer computer PB sends the
random value it received from Peer Switch server PS.

[0181] The PeerProxy server PP is listening on port 443 (or another assigned port) for
TCP/IP connections. When it accepts one, the PeerProxy server PP expects to receive a random
value that matches one in the pending connections table. If it receives such a value within 10
seconds, then it attaches the accepted socket to that portion of the pending connection table.
When the PeerProxy server PP accepts a connection and receives a value that matches the second
half of the pending connection table entry, the PeerProxy server PP creates an entry in the active
connection table, removes the entry from the pending connection table, and begins to forward
data received on the one socket to the other socket. In this manner, the PeerProxy provides a
logical connection between the connections established with the peer devices A and B, thus
enabling the desired peer-to-peer communications. When a socket is closed, the PeerProxy
server PP waits until any pending data has been sent to the other socket and then closes the other
socket. When both sockets are closed, the entry in the active connection table is removed.

[0182] Every thirty seconds, the PeerProxy server PP scans its pending connection table
for entries over thirty seconds old, deleting any such entries. Every thirty seconds, the PeerProxy
server PP scans its active connection table for entries where one side of the socket has been
closed for more than thirty seconds, and performs closing actions on any such entry.
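The pending-connection bookkeeping of paragraphs [0177] to [0182] is modelled below as an added example; it is not code from the application. Sockets are represented by string identifiers and the clock is passed in so the timeouts can be checked deterministically; the 32-byte value size and all names are assumptions. It covers the pending table only, not forwarding or the active-table scan.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TOKEN_BYTES = 32        # assumed size; the text says only "of sufficient size"
VALUE_TIMEOUT = 10.0    # seconds allowed between accept and receipt of the value
PENDING_MAX_AGE = 30.0  # pending entries older than this are deleted by the scan


def new_values() -> Tuple[bytes, bytes]:
    """Peer Switch side: two unpredictable values, one per peer."""
    return secrets.token_bytes(TOKEN_BYTES), secrets.token_bytes(TOKEN_BYTES)


@dataclass
class Pending:
    created: float
    sockets: Dict[bytes, Optional[str]]  # value -> socket attached to that half


class PeerProxyTables:
    def __init__(self) -> None:
        self.pending: Dict[bytes, Pending] = {}  # both values map to one shared entry
        self.active: Dict[str, str] = {}         # socket -> socket it forwards to

    def add_pending(self, value_a: bytes, value_b: bytes, now: float) -> None:
        """Store the pair received from the Peer Switch (PBReq Action=Proxy)."""
        entry = Pending(now, {value_a: None, value_b: None})
        self.pending[value_a] = self.pending[value_b] = entry

    def present(self, sock: str, value: bytes, accepted_at: float, now: float) -> str:
        """Handle the first bytes read from an accepted socket.

        Returns "reject", "waiting" (first half attached) or "joined".
        """
        if now - accepted_at > VALUE_TIMEOUT:
            return "reject"  # value arrived too late after accept
        entry = self.pending.get(value)
        if entry is None or entry.sockets[value] is not None:
            return "reject"  # unknown value, or a value that was already used
        entry.sockets[value] = sock
        attached = list(entry.sockets.values())
        if None in attached:
            return "waiting"
        # Both halves present: move the pair from the pending to the active table.
        for v in entry.sockets:
            del self.pending[v]
        first, second = attached
        self.active[first], self.active[second] = second, first
        return "joined"

    def sweep_pending(self, now: float) -> List[str]:
        """Periodic scan: drop stale pending entries, return sockets to close."""
        stale = {id(e): e for e in self.pending.values()
                 if now - e.created > PENDING_MAX_AGE}
        to_close: List[str] = []
        for entry in stale.values():
            for value, sock in entry.sockets.items():
                self.pending.pop(value, None)
                if sock is not None:
                    to_close.append(sock)
        return to_close
```

Each value is accepted once and only while its entry is pending, so a captured value cannot be replayed to attach a third socket to an established pair.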
[0183] Figs. 13 and 14 relate to an alternate service embodiment, focused more on peer-
to-peer e-mail services, referred to as the PeerMail architecture. The elements of the PeerMail
embodiment (Fig. 13) may be similar to those in the Peer Switch embodiment or run in parallel
to or even as a subset of the Peer Switch applications on the servers and/or on some of the same
end user devices.

[0184] PeerMail is a next-generation e-mail application designed for peer-to-peer
communications, for example, so as to provide the ability to securely send and receive email
messages and attachments from peer-to-peer without passing data through an e-mail server. The
embodiment also offers remote control of PeerMail features through any web-enabled device
such as laptop, PDA or phone. PeerMail operates across a variety of network obstacles (e.g.
firewalls, NAT, and slow wireless connections) that otherwise make the feature
implementation difficult, if not impossible, to accomplish with existing technology.

[0185] The PeerMail user interface (UI) is available through Microsoft Outlook, stand-
alone applications for Windows PC's, common desktop browsers (Netscape Communicator and
Microsoft Internet Explorer), PDA browsers on Palm OS, Pocket PC and Blackberry, and i-mode
and WAP interfaces for cell phones. Security is implemented on every network connection
made by PeerMail. Digital certificates are used for authentication, strong encryption is used to
secure peer-to-peer sessions, and HTTPS is used to secure web sessions. By establishing
network connections for e-mail directly between clients (i.e. peer-to-peer connections), PeerMail
creates little or no overhead for servers. Mail is sent and received directly from PC to PC or
from PC to remote device.

[0186] Fig. 13 shows the high-level PeerMail architecture 500. As illustrated, PeerMail
consists of three principal components. The system 500 includes two types 513, 517 of servers,
end user/client devices 521, 523 and 527 running respective client applications, and remote user
devices 529, 567 and 569 accessing a client and application for PeerMail service via a browser
and the web, for remote control. The hardware and physical network connections of the
illustrated devices are essentially the same as in the Peer Switch embodiment of Figs. 2-6.

[0187] The PeerMail Community server 513 (which may also serve as a Peer Switch
Community Server) is responsible for authenticating users into a PeerMail community, and for
several administrative activities including presence mapping. Although only one PeerMail
Community server 513 appears in the drawing, there may be any number n of such servers,
needed to handle the desired level of communications for the number of users. The PeerMail
client application 540, 550 resides on the user's PC, PDA or other peer device. The PeerMail
client application 540, 550 carries out the majority of PeerMail functions between itself and
other peers (Peer-to-Peer data link) or the server 513 (signaling link). The PeerMail Web
functionality is responsible for providing remote control access to peers through a web server
517.

[0188] The PeerMail server 513 maintains a database of users, teams, and shares within a
community. The PeerMail server 513 also authenticates users into the community. As needed,
the server 513 generates digital certificates on the fly, for example, when two clients want to
connect with each other so they can authenticate one another. The server 513 also notifies a
PeerMail client when other users are on-line or off-line, for example, to indicate the status of
devices of other members of the user's community or communities. This notification function
involves a presence mapping of the users, by the PeerMail server 513. Another function of the
PeerMail server 513 is to facilitate connections between peers, for example, when firewalls,
proxies and NAT systems exist in the network between the peers, using techniques such as those
discussed above relative to Figs. 11 and 12.

[0189] Examples of the PeerMail client architecture, for PCs and PDAs, appear in Fig.
14. In both examples, the PeerMail Client programming 540, 550 includes a PeerMail manager
541, 551 and a PeerMail application program 543, 553. The PeerMail Manager 541 or 551
carries out most of the PeerMail client functions, including sending and receiving e-mail
information, and handling all PeerMail network connections. There is one PeerMail Manager
routine for each PC or other device programmed as a PeerMail client.

[0190] The PeerMail Application program 543 or 553 is a stand-alone executable that
contains the front-end user interface to the PeerMail Manager 541 or 551. This application is
available for common desktop and PDA operating systems, including Windows 95/98/NT/2000,
Palm OS, and CE.

[0191] In the PeerMail client 540, the user device runs Microsoft Outlook 547, and the
client programming includes a PeerMail Outlook Add-In routine 547. The Add-In routine 547 is
a user interface to the PeerMail Manager 541 that has been integrated into Microsoft Outlook
545. The PeerMail client is designed so that the PeerMail UI components could be written for
any number of Personal Information Managers (PIMs) or other applications, e.g. Lotus Notes or
Eudora. There can be more than one instance and/or type of PeerMail UI component running on
a PC and communicating with the PeerMail Manager at one time. For example, in client 540, the
application 543 may provide a standalone user interface running in parallel with the user
interface provided by Outlook 545 and the Outlook Add-in 547.

[0192] The PeerMail Manager 541 or 551 is typically started when the PeerMail
application 543, 553 or associated PIM (like Outlook 545) has been started.

[0193] When PeerMail Manager is started, it first attempts to login to all registered
PeerMail Community servers 513 (Fig. 13). Once logged in, the connections between the
PeerMail Manager and the servers 513 are persistent. Each server 513 downloads the list of
community members that are available to the user team that community. As other users login
and out of PeerMail, the server 513 notifies each PeerMail client of the community over this
same connection. All data sent through the "Signal Link" between PeerMail Clients and
PeerMail server 513 is strongly encrypted using the TLS protocol (the successor to SSL).

[0194] When the user wants to send mail to another peer, the PeerMail client 540 or 550
sends a message to PeerMail server 513 that is relayed to the peer, requesting a connection. The
request contains address and port data necessary to make the connection. The remote peer then
initiates a network connection back to the requesting peer. PeerMail encrypts data sent between
peers and creates a digital signature to ensure that the data cannot be read or changed by anyone
who does not have keys to unlock the data. If the peer that a user wants to send mail to is not
online, then the message is kept locally on the sender's device until both peers are online at the
same time. When the recipient peer comes on-line, the PeerMail server notifies peer devices of
all members of that party's community, including the peer device having the stored e-mail
message. The sending user may respond to the notice by manually triggering a send routine for
the message; or the sending peer device may automatically execute the Send routine of its client
program for the stored message, upon recognition that the intended recipient has come on-line.

[0195] Once established for direct mail transfer, the peer-to-peer connection is persistent
between peers. All subsequent activity between the peers will occur over the same connection.
All data sent between two peers is strongly encrypted.

[0196] It may be helpful to consider a few examples of typical PeerMail transactions that
occur between Peer Switch server and a PeerMail client and between clients, when sending an e-
mail message to another PeerMail client. For purposes of this discussion, assume that peer user
at A using device 521 and client programming 540 desires to send a message to peer user at B,
who normally utilizes device 527 and client programming 550.

[0197] The user on PeerMail client A 540 (Peer A) types an e-mail message on device
521 to be sent to PeerMail client B (Peer B). In this scenario, Peer A and Peer B are not yet
connected to each other, but both are online.

[0198] When the Peer A user chooses to "send" the message, four hash keys are created
that in turn are used to create encryption keys for use during this peer-to-peer session (i.e.
session keys). The client 540 for Peer A causes the device 521 to send a TCP/IP port identifier
(chosen at random) and the session keys to PeerMail server 513 and begins listening on the
identified TCP/IP port. The PeerMail server 513 passes the session keys and Peer A's TCP/IP
port identifier down to the client 550 for Peer B on device 527.

[0199] The clients for both Peer A and Peer B now have the same session keys, and the
client 550 for Peer B now has Peer A's TCP/IP address and port number to begin
communication. The client 550 for Peer B now contacts the client 540 for Peer A using the
TCP/IP address and port number, and a peer-to-peer datalink is created directly between the
clients on devices 521 and 527.

[0200] When Peer A sends data to Peer B, session keys number one and two are used for
encryption and decryption. When Peer B sends data to Peer A, session keys number three and
four are used for encryption and decryption. In our example, the e-mail message is encrypted
using session key one. A digital signature is created using MD5 hashing algorithm and
encrypted using session key two and is added to the message data. The device 527 for Peer B
receives the data from Peer A, and the client 550 decrypts the e-mail message and digital
signature using session keys one and two. The client 550 for Peer B recreates the MD5 digital
signature for the e-mail message and compares it to the one sent by Peer A, to ensure that the
data has not been changed.

[0201] Now if Peer B sends a response e-mail back to Peer A, session keys number three
and four are used for encryption and decryption. The return e-mail message is encrypted using
session key three. A digital signature is created using MD5 hashing algorithm and encrypted
using session key four and is added to the message data. The device 521 for Peer A receives the
data from Peer B, and the client 540 decrypts the e-mail message and digital signature using
session keys three and four. The client 540 for Peer A recreates the MD5 digital signature for
the return e-mail message and compares it to the one sent by Peer B, to ensure that the data has
not been changed.

[0202] The PeerMail Outlook Add-In 547 allows users to experience PeerMail as another
account within Outlook. Using Outlook Contacts, users can tell who is a member of PeerMail
and their on-line status (presence mapping). Users can search through PeerMail for contacts to
add into Outlook and/or invite Outlook contacts to join the PeerMail community. Users create
messages and add attachments using the standard new message user interface provided by
Outlook 545. When the user wants to send the message through PeerMail, they select the
PeerMail account from the Send drop down button, just as they would do to send from another e-
mail account. E-mail is placed in the Sent Items folder after it has been delivered. E-Mail from
PeerMail arrives in the Outlook Inbox. Users can open, find, forward, reply, reply all, delete,
print, mark as read, mark as unread, and move PeerMail messages. Users can open, print, save
as, copy and remove PeerMail attachments.

[0203] The PeerMail Application 543 or 553 is a messaging and collaboration front-end
to PeerMail Manager 541 or 551. With this Application user interface, contacts can be created,
updated, and deleted. A presence map is available to allow users to see current on-line status of
other community members. In the current embodiment, the following folders are installed by
default with the PeerMail Application: Deleted Items, Drafts, Inbox, Outbox, and Sent Items.
Users can create, rename and remove custom folders. The embodiment allows users to perform
the following actions for PeerMail Messages: Create, Delete, Find, Forward, Mark as Read,
Mark as Unread, Move to Folder, Open, Print, Reply, Reply All and Send. Users also can
perform the following actions for E-Mail Attachments: Open, Print, Save As, Copy and Remove.

[0204] PeerMail web provides a thin Internet front-end that presents PeerMail
information through a web server 517 to remote users, in a manner analogous to the web access
in the Peer Switch embodiment. The PeerMail web programming, on server 517, acts as a proxy
for all users logged into the PeerMail community through the web server 517. PeerMail
messages and attachments that a user would see on a PeerMail session on a PC or the like are
shown in the user's web browser session. PeerMail web preferably supports the following
browsers: common desktop browsers (Netscape Communicator and Microsoft Internet Explorer);
PDA browsers on Palm OS, Pocket PC and Blackberry, and i-mode and WAP interfaces for cell
phones. Current PeerMail web embodiments allow users to perform substantially the same
functions over the web, which they can perform using the PeerMail Application from one of the
client devices, 521, 523, 527.

[0205] As should be apparent from the above discussion, certain aspects of invention
relate to the software elements, such as the executable code and the database of the Peer Switch
or PeerMail server, the software used to implement the web server and associated proxy client
functions, the peer client applications, etc. Some or all of these different functions may reside on
different physical systems as shown, linked by local or wide area communications networks.
Preferably, server components of the inventive software reside in the computer system(s) of the
entity who offers the Peer Switch or PeerMail type peer-to-peer services, and the client software
resides in the peer devices of members of the teams and communities form the actual user
groups. However, the software may reside on other devices and be transferred as needed, to
newly program servers or user devices or to upgrade programming of the various peer service
systems.

[0206] At different times all or portions of the executable code or database for any or all
of the software elements may reside in physical media or be carried by electromagnetic media.
Physical media include the memory of the computer processing systems (e.g. in Figs. 3 and 4), or
of the portable devices (e.g. in Figs. 5 and 6), such as various semiconductor memories, tape
drives, disk drives and the like of general-purpose computer systems and the mobile
computing/communications devices. All or portions of the software may at times be
communicated through the Internet 51 or various other telecommunication networks. Such
communications, for example, may serve to load the software from another computer (not
shown), for example, into one of the servers 11 or 17 (or 513 or 517 in Fig. 13) or into any other
peer computer systems or portable user devices utilized in the peer-to-peer communications.
Thus, another type of media that may bear the software elements includes optical, electrical and
electromagnetic waves, such as used across physical interfaces between local devices, through
wired and optical landline networks and over various air-links.

[0207] Terms relating to computer or machine "readable medium" as used herein refer to
any medium that participates in providing instructions to a processor for execution or for
carrying data to or from a processor for storage or manipulation. Such a medium may take many
forms, including but not limited to, non-volatile media, volatile media, and transmission media.
Non-volatile media include, for example, ROM, optical disks or magnetic disks, such as in any
of the storage devices in the systems of Figs. 3 to 6. Volatile media include dynamic memory,
such as main memory (RAM or the like). Transmission media include coaxial cables; copper
wire and fiber optics, including the wires that comprise a bus within a computer system.
Transmission media can also take the form of electric or electromagnetic signals, or acoustic or
light waves such as those generated during radio frequency (RF) and infrared (IR) data
communications. Common forms of computer or machine readable media include, for example,
a floppy disk, a flexible disk, hard disk, magnetic tape, any other magnetic medium, a CD-ROM,
DVD, any other optical medium, punch cards, paper tape, any other physical medium with
patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or
cartridge, a carrier wave transporting data or instructions, or any other medium from which a
computer can read. Various forms of computer or machine readable media may be involved in
carrying one or more sequences of one or more instructions or data to a processor for execution.

[0208] The drawings and the description above are given by way of example, as a
detailed disclosure of presently envisioned embodiments of the peer-to-peer communications.
While the foregoing has described what are considered to be the best mode and/or other
preferred embodiments, it is understood that various modifications may be made therein and that
the invention or inventions disclosed herein may be implemented in various forms and
embodiments, and that they may be applied in numerous applications, only some of which have
been described herein. It is intended by the following claims to claim any and all modifications
and variations that fall within the true scope of the inventive concepts.

Appendix - Acronym List

[0209] The written description above uses a number of acronyms to refer to various
protocols, message formats, instructions, system components and the like. Although generally
known, use of several of these acronyms may not be strictly standardized in the art. For
purposes of this discussion, acronyms have been defined as listed below.



[0210]  API      Application Programming Interface
[0211]  ASCII    American Standard Code for Information Interchange
[0212]  CD       Compact Disk
[0213]  CD-ROM   CD - Read Only Memory
[0214]  CPU      Central Processing Unit
[0215]  CRT      Cathode Ray Tube
[0216]  DNS      Domain Name System
[0217]  DRAM     Dynamic Random Access Memory
[0218]  DVD      Digital Video Disk
[0219]  EPROM    Electrically Programmable Read Only Memory
[0220]  HTTP     HyperText Transfer Protocol
[0221]  HTTPS    HyperText Transfer Protocol Secure
[0222]  IM       Instant Message (or Instant Messaging)
[0223]  IOCTL    Input/Output Control
[0224]  IP       Internet Protocol
[0225]  ISP      Internet Service Provider
[0226]  LAN      Local Area Network
[0227]  LCD      Liquid Crystal Display
[0228]  MD5      Message Digest Algorithm
[0229]  NAT      Network Address Translation
[0230]  NDIS     Network Driver Interface Specification
[0231]  OS       Operating System
[0232]  PC       Personal Computer
[0233]  PCMCIA   Personal Computer Memory Card International Association
[0234]  PCS      Personal Communication Service
[0235]  PIM      Personal Information Manager
[0236]  PROM     Programmable Read Only Memory
[0237]  PSTN     Public Switched Telephone Network
[0238]  RAM      Random Access Memory
[0239]  ROM      Read Only Memory
[0240]  SDK      Software Development Kit
[0241]  SSL      Secure Socket Layer
[0242]  TCP      Transmission Control Protocol
[0243]  TLS      Transport Layer Security
[0244]  UI       User Interface
[0245]  URL      Universal Resource Locator
[0246]  WAP      Wireless Application Protocol
[0247]  XML      eXtensible Markup Language

What is Claimed Is:

1. A system for providing peer-to-peer communication services via a data network,
comprising:

a plurality of peer devices, each peer device having a user interface and a network
interface for enabling communications over the data network;

a peer server, coupled for data communication via the data network, for providing session
establishment services for the peer devices;

at least a respective one of the peer devices having a programmable controller and
program storage;

a peer client program in the program storage, execution of the peer client program by the
programmable controller causing the respective one of the peer devices to conduct signaling
communications with the peer server via the data network and to conduct a peer-to-peer
communication in a session with an other one of the peer devices via the data network; and

a web server, coupled for data communication via the data network, for providing a web
page interface for a browser implemented by one of the peer devices lacking a peer client
program and for providing a proxy peer client program for use by the peer device lacking a peer
client program, to enable signaling communications via the data network with the peer server
and a peer-to-peer communication with an other one of the peer devices via the data network.

2. The system as in claim 1, wherein the peer-to-peer communications include one
or more communications selected from the group consisting essentially of: file sharing, folder
sharing, e-mail message transfer, instant messaging, remote control, voice conversation, and
video conferencing.

3. The system as in claim 1, wherein:

the peer server maintains a database of users and information as to which peer devices are
on-line at a given time; and

the signaling communications include signaling to the peer devices of on-line status of
other peer devices.

4. The system of claim 3, wherein:

the peer server identifies a plurality of the users as members of a community; and

signaling of on-line status to a peer device of one of the members relates to the on-line
status of peer devices of members of the community.

5. The system of claim 4, wherein:

the peer server further identifies a subset of members of the community as members of a
team; and

the signaling of on-line status to a peer device of one of the members of the team relates
to the on-line status of peer devices of members of the team and availability of shared materials
stored on peer devices of members of the team.

6. The system as in claim 1, wherein the peer client program is configured for
execution in a type of peer device selected from the group consisting essentially of: a personal
computer, a personal digital assistant and a wireless mobile telephone device.

7. The system as in claim 1, wherein the session establishment services provided by
the peer server include providing digital certificates to peer devices, to facilitate mutual
authentication during peer-to-peer communications.

8. The system as in claim 1, wherein the peer client program comprises a peer
service manager routine and an application program interface for interaction with another
program having a user interface functionality.

9. The system as in claim 8, wherein the application program interface is configured
for interaction with a personal information manager program.

10. The system as in claim 9, wherein the application program interface is configured
for interaction with Microsoft Outlook.

11. The system as in claim 1, wherein the web server comprises:

a web-based user interface program supporting browser interaction via the data network;

an implementation of a peer client program having an application programming interface
to the web-based user interface program; and

a peer service manager routine coupled to the web implementation of the peer client
program.

12. The system as in claim 11, wherein the web-based user interface program
supports access from one or more types of browsers selected from the group consisting of: a
personal computer browser, a personal digital assistant browser and a wireless application
protocol browser.

13. A system for providing peer-to-peer communication services via a data network,
comprising:

a plurality of peer devices, each peer device having a user interface and a network
interface for enabling communications over the data network;

a peer server, coupled for data communication via the data network, for providing session
establishment services the peer devices, of users grouped together as members in a plurality of
communities;

at least a respective one of the peer devices of a member in an identified community
having a programmable controller and program storage; and

a peer client program in the program storage, execution of the peer client program by the
programmable controller causing the respective one of the peer devices to conduct signaling
communications via the data network with the peer server to establish a communication session
with a peer device of a member in the identified community, and to conduct a peer-to-peer
communication with the peer device of the peer member in the identified community via the data
network.

14. The system as in claim 13, wherein the peer server maintains a database of
records identifying members in respective ones of the communities and on-line status of peer
devices of the members in the respective communities.

15. The system as in claim 14, wherein the session establishment services provided
by the peer server include presence mapping regarding peer devices of members of the respective
ones of the communities.

16. The system as in claim 13, wherein the session establishment services provided
by the peer server include providing digital certificates to two peer devices for use in a
peer-to-peer communications session.

17. A program product, comprising executable code transportable by at least one
machine readable medium, wherein execution of the code by a programmable user device causes
the programmable user device to perform signaling communications via a data network with a
peer server and peer-to-peer communications via the data network with another user device, the
executable code comprising:

a peer service manager routine for managing accessing of local information on the
programmable user device for sharing via the peer-to-peer communications, and for handling
network connections for the signaling communications and for the peer-to-peer communications;
and;

a peer service user interface program acting as a front-end for the peer service manager
routine and controlling input and output of information via one or more user interface
components of the programmable user device.

18. The program product of claim 17, wherein the peer service user interface program
implements an application program interface for interaction with another program having a
common user interface functionality for the programmable user device.

19. The program product as in claim 18, wherein the application program interface is
configured for interaction with a personal information manager program.

20. The system as in claim 19, wherein the application program interface is
configured for interaction with Microsoft Outlook.

21. A program product, comprising executable code transportable by at least one
machine readable medium, wherein execution of the code by a programmable user device causes
the programmable user device to perform signaling communications via a data network with a
peer server and peer-to-peer communications via the data network with another user device, the
executable code comprising:

a peer service manager routine for managing accessing of local information on the
programmable user device for peer-to-peer communications, and for handling network
connections for the signaling communications and the peer-to-peer communications; and;

a peer mail service user interface program acting as a front-end for the peer service
manager routine and controlling user input and output operations to enable peer-to-peer e-mail
exchange via the peer service manager routine and the peer-to-peer communications.

22. The program product of claim 21, wherein the peer service user interface program
implements an application program interface for interaction with another program having a
common user interface functionality for the programmable user device.

23. The program product as in claim 22, wherein the application program interface is
configured for interaction with a personal information manager program.

24. The system as in claim 23, wherein the application program interface is
configured for interaction with Microsoft Outlook.

25. A peer server, comprising:

a programmable server computer comprising data and program storage, a central
processing unit for execution of programming from the storage, and an interface for
communication via a data communication network;

a peer service application resident in the storage; and

a database of peer information maintained in the storage, wherein:

the database identifies peer users and shared data items that the peer users make available
for sharing with other peer users, and

the peer service application causes the programmable server computer to authenticate
users, as peer users log in with the server, and to dynamically maintain information in the
database, as the peer users log in and out with the server from respective peer devices and
modify information regarding data items available for sharing among the peer users.

26. The peer server as in claim 25, wherein the database associates peer users into
communities.

27. The peer server as in claim 26, wherein the database associates a subset of peer
users within a community into a team.

28. The peer server as in claim 27, wherein:

the peer service application causes the programmable server computer to dynamically
update the database with information as to on-line status of peer user devices associated with
users in the team; and

the peer service application causes the programmable server computer to provide notices,
through the network to peer user devices associated with users in the team, of on-line status of
other peer user devices associated with users in the team.

29. The peer server as in claim 25, wherein the peer service application causes the
programmable server computer to generate digital certificates and supply the digital certificates
through the network to peer user devices, to enable peer user devices to authenticate one another.

30. The peer server as in claim 25, wherein the peer service application is adapted to
cause the programmable server computer to provide services in support of file sharing between
peer user devices.

31. The peer server as in claim 25, wherein the peer service application is adapted to
cause the programmable server computer to provide services in support of peer-to-peer
exchange of e-mail between peer user devices.

32. A peer service web server, comprising:

a programmable server computer comprising program storage, a central processing unit
for execution of programming from the storage, and an interface for communication via a data
communication network;

a web server program in the program storage, execution of the web server program by the
central processing unit causing the programmable server computer to provide browser interaction
with user devices via the data network;

a shared proxy peer client application program in the program storage, execution of the
peer client application program by the central processing unit causing the programmable server
computer to interface through the web server program to provide a peer service user interface via
browser interaction with a plurality of the user devices; and

a peer manager routine in the program storage, execution of the peer manager routine by
the central processing unit causing the programmable server computer to manage network
connections for signaling communications with a peer service server functionality and
peer-to-peer communications with remote computing devices for peer user devices accessing the peer
service web server via the browser interaction.

33. The peer service web server as in claim 32, wherein the peer client application
program and the peer manager routine are adapted to facilitate one or more peer-to-peer
communications selected from the group consisting essentially of: peer-to-peer information
sharing, peer-to-peer e-mail exchange, peer-to-peer note exchange, peer-to-peer instant
messaging, peer-to-peer voice conversation, peer-to-peer video conferencing, peer-to-peer
multimedia streaming, and remote control of a peer device.

34. A peer user device comprising:

a programmable computing device comprising program storage, a central processing unit
for execution of programming from the storage, an interface for communication via a data
communication network, and one or more elements providing an interface for user input and
output;

a peer service manager routine in the program storage, for managing accessing of local
information on the programmable computing device for peer-to-peer communications through
the network, and for handling network connections for the signaling communications with a
server and for the peer-to-peer communications; and;

a peer service user interface program in the program storage, acting as a front-end for the
peer service manager routine to enable peer-to-peer communications and associated user input
and output.

35. The peer user device of claim 34, wherein the peer service manager routine and
the peer service user interface program are configured to support one or more peer-to-peer
communications selected from the group consisting essentially of: peer-to-peer information
sharing, peer-to-peer e-mail exchange, peer-to-peer note exchange, peer-to-peer instant
messaging, peer-to-peer voice conversation, peer-to-peer video conferencing, peer-to-peer
multimedia streaming, and remote control of a peer device.

36. The peer user device of claim 34, wherein the peer service user interface program
implements an application program interface for interaction with another program contained in
the storage having a user interface functionality for the programmable computing device.

37. The peer user device of claim 36, wherein the application program interface is
configured for interaction with a personal information manager program contained in the storage.

38. The peer user device of claim 37, wherein the application program interface is
configured for interaction with Microsoft Outlook.

39. The peer user device of claim 34, wherein the programmable computing device
comprises a device of a type selected from the group consisting essentially of: a desktop
personal computer, a laptop personal computer, a personal digital assistant and a wireless mobile
telephone.

40. The peer user device of claim 34, wherein the peer service manager routine is
configured for receiving a digital certificate from signaling from the server and for exchanging
digital certificates with another peer user device for authentication during the peer-to-peer
communications.

41. A method of establishing a desired connection for a peer-to-peer communication
session through a data network between an originating peer device and an intended destination
peer device, wherein at least the intended destination peer device is behind a firewall, the method
comprising:

establishing communication through the network, from each of the peer devices to a
broker device;

communicating a request for a desired connection with the intended destination peer
device, from the originating peer device to the broker device through the network, the request for
connection including session related data assigned by the originating peer device;

sending a request to establish connection, from the broker device to the intended
destination peer device through the network, the request to establish connection containing the
session related data assigned by the originating peer device;

responsive to the receipt of the request to establish connection, sending an acceptance
from the intended destination peer device to the broker device, the acceptance including session
related data assigned by the intended destination peer device;

sending an acknowledgment of the request for the desired connection, to the originating
peer device from the broker device, the acknowledgment of the request for the desired
connection containing the session related data assigned by the intended destination peer device;

sending an initial session packet of the desired connection with the intended destination
peer device through the data network from the originating peer device, so that the broker device
receives the initial session packet from the originating peer device;

sending an initial session packet of the desired connection through the data network from
the intended destination peer device, so that the broker device receives the initial session packet
from the intended destination peer device;

formulating an acknowledgement of the initial session packet from the originating peer
device, based on information from the initial session packet received from the intended
destination peer device;

transmitting the acknowledgement of the initial session packet from the originating peer
device, through the network from the broker device to the originating peer device;

formulating an acknowledgement of the initial session packet from the intended
destination peer device, based on information from the initial session packet received from the
originating peer device;

transmitting the acknowledgement of the initial session packet from the intended
destination peer device, through the network from the broker device to the intended destination
peer device;

conducting peer-to-peer communications through the network, between the originating
peer device and the intended destination peer device, responsive to the acknowledgements of the
initial session packets sent by the broker computer.

42. The method of claim 41, wherein the desired connection comprises a TCP/IP
session between the originating peer device and the intended destination peer device.

43. The method of claim 42, wherein:

the session related data assigned by the originating peer device comprises a first identifier
identifying a port assigned by the originating peer device; and

the session related data assigned by the intended destination peer device comprises a
second identifier identifying a port assigned by the intended destination peer device.

44. A method of establishing a desired connection for a peer-to-peer communication
session through a network between an originating peer device and an intended destination peer
device, wherein each peer device is behind a proxy server, the method comprising:

sending a request for a connection through the network from the originating peer device
to a broker server;

generating two random values;

supplying the random values from the broker server to a peer proxy;

sending a first one of the random values through the network from the broker server to
the originating peer device;

sending a second one of the random values through the network from the broker server to
the intended destination peer device;

initiating a first connection, across a first proxy server, from the originating peer device
to the peer proxy;

sending the first random value via the first connection to the peer proxy;

initiating a second connection, across a second proxy server, from the intended
destination peer device to the peer proxy;

sending the second random value via the second connection to the peer proxy;

upon receipt of the first and second random values from the originating peer device and
the intended destination peer device, enabling communications between the first and second
connections.

45. The method of claim 44, wherein the desired connection comprises a TCP/IP
session between the originating peer device and the intended destination peer device.

46. The method of claim 44, wherein messages sent to and from the peer devices
during the steps of establishing the desired connection comprise XML transactions.
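
The pairing step recited in claim 44, sketched as an added Python example (not code from the application): a broker issues two random values, registers them with a peer proxy, and the proxy bridges the two inbound connections only after both values have been presented. The class and method names, the 128-bit value size, the expiry window, single-use enforcement and constant-time comparison are assumptions; the claim itself specifies only the two random values and the enabling of communications on their receipt.

```python
import hmac
import secrets
import time


class PeerProxy:
    """Pairs two inbound connections once both broker-issued values arrive."""

    def __init__(self, ttl_seconds=30.0, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumption: pairs expire if not completed
        self._clock = clock
        self._pending = []           # pairs still waiting for one or both peers
        self.bridges = []            # (originating_conn, destination_conn)

    def register_pair(self, first_value, second_value):
        """Called by the broker: 'supplying the random values to a peer proxy'."""
        self._pending.append({
            "values": (first_value, second_value),
            "conns": [None, None],
            "expires": self._clock() + self._ttl,
        })

    def present(self, value, conn_id):
        """A peer sends its value over a new connection.

        Returns 'waiting', 'bridged' or 'rejected'.
        """
        now = self._clock()
        self._pending = [p for p in self._pending if p["expires"] > now]
        for pair in self._pending:
            for slot, expected in enumerate(pair["values"]):
                # Constant-time comparison so timing does not leak the value.
                if not hmac.compare_digest(expected, value):
                    continue
                if pair["conns"][slot] is not None:
                    return "rejected"          # value already used: replay
                pair["conns"][slot] = conn_id
                if None in pair["conns"]:
                    return "waiting"
                self._pending.remove(pair)     # single use: forget the pair
                self.bridges.append(tuple(pair["conns"]))
                return "bridged"
        return "rejected"                      # unknown or expired value


class Broker:
    """Generates the two random values and distributes them."""

    def __init__(self, proxy):
        self._proxy = proxy

    def handle_connection_request(self):
        # 128-bit values from the OS CSPRNG; the size is an assumption.
        first, second = secrets.token_bytes(16), secrets.token_bytes(16)
        self._proxy.register_pair(first, second)
        return first, second   # first -> originating peer, second -> destination


def run_demo():
    """Constructed exchange: one valid pairing plus three rejected attempts."""
    proxy = PeerProxy()
    broker = Broker(proxy)
    first, second = broker.handle_connection_request()
    return [
        proxy.present(first, "orig-conn"),             # first peer arrives
        proxy.present(secrets.token_bytes(16), "x"),   # value never issued
        proxy.present(first, "replay-conn"),           # reuse of first value
        proxy.present(second, "dest-conn"),            # second peer arrives
        proxy.present(second, "late-conn"),            # pair already consumed
    ], proxy.bridges


if __name__ == "__main__":
    print(run_demo())
```

Because the proxy relays traffic for whoever presents a valid value, the values act as bearer credentials: they need to be unpredictable and delivered to each peer over a protected signaling channel.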